operational level it governance model - theseus

122
Yilmaz Karayilan Operational Level IT Governance Model for Partnering and Value Co-Creation in an Ecosystem Helsinki Metropolia University of Applied Sciences Master’s Degree Industrial Management Master’s Thesis 02 May 2013

Upload: others

Post on 17-Jan-2022

10 views

Category:

Documents


1 download

TRANSCRIPT

Page 1: Operational Level IT Governance Model - Theseus

Yilmaz Karayilan

Operational Level IT Governance Model for Partnering and Value Co-Creation in an Ecosystem

Helsinki Metropolia University of Applied Sciences

Master’s Degree

Industrial Management

Master’s Thesis

02 May 2013

Page 2: Operational Level IT Governance Model - Theseus

Abstract

Author Title Number of Pages Date

Yilmaz Karayilan Operational Level IT Governance Model for Partnering and Value Co-Creation in an Ecosystem 90 pages + 3 appendices 2 May 2013

Degree Master’s Degree

Degree Programme Degree Programme in Industrial Management

Instructor(s)

Thomas Rohweder, DSc (Econ), Principal Lecturer Marjatta Huhta, DSc (Tech), Principal Lecturer

The objective of this Thesis is to propose an operational level IT governance model to enable and secure value co-creation in a new service ecosystem consisting of the case company and its vendors. The goal of the new ecosystem is to ensure signifi-cant cost savings without jeopardising the quality of service and business continuity while introducing innovative, efficient solutions for increasing productivity. This op-erational level IT governance model is needed to support the case company’s IT organisation strategy aimed at becoming a true business partner for the newly se-lected vendors. The vendors are selected for implementing the latest outsourcing initiative which is based on: a) extensive partnership principles, b) value co-creation paradigm within the Service Dominant logic, and c) a new commercial model that suggests “stick and carrot” for members of the service ecosystem and secures the needed paradigm shift. The research approach applied in this study is action research. The model develop-ment is done in iterations, in three action research cycles. The data are mainly col-lected from the interviews and discussions in the case company, with the participants selected to represent a broad business perspective. The range of participants in-clude subject matter experts from the case company different IT Units: the Unit Heads, enterprise architect, service owner, stakeholder manager, transformation manager, enterprise release manager and the process & tools responsible persons, and the account managers from the selected vendor and supplier companies. In to-tal, 15 people shared their views and expectations for/from the new operational level IT governance model called the Business Service Steering Team (BSST). The model development is done by creating and verifying two versions of the BSST model, Version 1 and 2, designed after a series of interviews and discussions with the subject matter experts and key stakeholders, and based on reviewing the current case company’s practices as well as the best practice available from the literature. The outcome of the Thesis is a proposal for a new operational level IT governance model, BSST, including its key features such as ; a) the roles and responsibilities, b) performance management, and c) interaction space.

Keywords IT Governance model, Service Dominant logic, value co-creation, key performance indicator, service ecosystem

Page 3: Operational Level IT Governance Model - Theseus

1

Contents

Abstract

Table of Contents

List of Figures

Acronyms

1 Introduction 6

1.1 Background of the Case Company 6

1.2 Research Objective of the Study 7

2 Method and Material 9

2.1 Research Approach 9

2.2 Research Design and Implementation Process 11

2.3 Data Collection and Analysis Methods 12

2.3.1 Interviews and Discussions 12

2.3.2 Internal Documentation 15

2.4 Validity and Reliability 16

3 Best Practice for IT Governance Model 18

3.1 Service Dominant Logic and Value Co-Creation in Ecosystem 18

3.1.1 Service and IT Services 18

3.1.2 Service Level Management 19

3.1.3 Service Innovation 21

3.1.4 Value Creation and Value Creators 22

3.1.5 Service Dominant Logic and Value Co-Creation 24

3.1.6 Service Ecosystems and Partnering 25

3.2 IT Governance Models 27

3.2.1 Roles and Responsibilities 31

3.2.2 Performance Management 33

3.2.3 Interactions Space 36

3.3 Outsourcing and Commercial Contract 37

4 Current Case Company Practices 39

4.1 Service Dominant Logic and Value Co-Creation in the Case Company: Overview 39

4.1.1 IT Services and IT Service Ecosystem in the Case Company 40

4.1.2 Service Level Management in the Case Company 43

4.1.3 Service Innovation in the Case Company 45

Page 4: Operational Level IT Governance Model - Theseus

2

4.1.4 Value Creation and Value Creators in the Case Company 45

4.1.5 Service Ecosystems and Partnering in the Case Company 48

4.2 IT Governance in the Case Company 50

4.2.1 Current IT Governance Model in the Case Company 50

4.2.2 Current Roles and Responsibilities in IT Governance of the Case Company 56

4.2.3 Performance Management in the Case Company 58

4.2.4 Interaction Spaces in the Case Company 60

4.2.5 Outsourcing and Commercial Contract Signed by the Case Company 61

4.3 Suggested Approach to IT Governance for the Case Company 64

5 Model Development 66

5.1 Overview of the Model Development Process 66

5.2 Existing BSST Practices in the Case Company 67

5.3 Improving BSST Practices in Version 1 of the Model 67

5.4 Developing Version 2 of the BSST Model 72

5.5 Validation with the Experts 74

6 Final Proposed Model for IT Governance in the Case Company 75

6.1 Overview of the Proposed Model 75

6.2 Roles and Responsibilities 78

6.3 Performance Management 81

6.4 Interactions with Community Pages in Ecosystem 83

7 Discussion and Conclusions 86

7.1 Summary 86

7.2 Managerial Implications 88

7.3 Reliability and Validity 89

References 91

Participants 1

Appendices

Appendix 1. Discussions on Model Development (Round 1). Current Practice Analysis

Appendix 2. Discussions on Model Development (Round 2)

Appendix 3. Discussions on Model Development (Round 3)

Page 5: Operational Level IT Governance Model - Theseus

3

List of Figures Figure 1. Action Research cycles and main steps.

Figure 2. Research design and implementation process of this study.

Figure 3. Sample IT SLM and in Ecosystem.

Figure 4. SLA conformance.

Figure 5. IT service design steps and role of the innovations.

Figure 6. Value formation processes with GD logic.

Figure 7. The value formation process with SD Logic.

Figure 8. IT Governance Domains.

Figure 9. The Development of Integrated IT Governance.

Figure 10. The COBIT goals cascade.

Figure 11. Performance measurement approaches.

Figure 12. Structure of generic IT BSC.

Figure 13. Expectations from partnering.

Figure 14. Business Services and Capability Clusters of the case company.

Figure 15. The case company IT service ecosystem

Figure 16. Enhanced traditional KPIs are in contract

Figure 17. New commonly Shared KPIs (NSN IT).

Figure 18. The case company IT for R&D Unit value proposal (NSN IT).

Figure 19. The case company value network, ecosystem and interaction.

Figure 20. Newly built service ecosystem in the case company.

Figure 21. The case company IT governance processes alignment with COBIT.

Figure 22. IT governance processes (focused areas) in the case company.

Figure 23. Planned governance view and focus areas.

Figure 24. Steering teams and their scopes in the case company.

Figure 25. BSST and other steering teams as integrated governance.

Figure 26. The case company BSST facilities.

Figure 27. Members of the current BSST in the Case Company.

Figure 28. IT BSC introduced with new outsourcing contract.

Figure 29. Planned CDST community page in the case company.

Figure 30. Commonly shared KPI, Build and Run ratio.

Figure 31. The conceptual framework for new Operational Level IT Governance Model

development.

Figure 32. Newly added governance processes in Version 1 of the model.

Figure 33. BSST community page as interaction space for the service ecosystem

members.

Page 6: Operational Level IT Governance Model - Theseus

4

Figure 34. Location of the Proposed BSST in the joint sphere of service ecosystem.

Figure 35. BSST focus areas and responsibilities.

Figure 36. Manage Demand governance process in the scope of BSST.

Figure 37. An example of the BSST community page.

Page 7: Operational Level IT Governance Model - Theseus

5

Acronyms

ADM Application Development and Maintenance

AR Action Research

BA Business Analyst

BS Business Service

BSC Balance Score Card

BSST Business Service Steering Team

COBIT Control Objectives for Information and Related Technology

EA Enterprise Architect

E2E End-to-end

FPR First Pass Resolution

GD Good Dominant

KPI Key Performance Indicator

IT Information Technology

ITIL Information Technology Infrastructure Library

ITGI Information Technology Governance Institute

ITSM IT Services management

MI Managerial implications

MoO Mode Of Operation

NSN Nokia Siemens Networks

OTD On Time Delivery

R&D Research and Development

SA Service Availability

SD Service Dominant

ShM Stakeholder Manager

SI Service Integrator

SIP Service Improvement Process

SLA Service Level Agreements

SLM Service Level Management

SLR Service Level Requirements

SO Service Owner

SP Service Performance

QoS Quality of Service

Page 8: Operational Level IT Governance Model - Theseus

6

1 Introduction

This Thesis focuses on developing an Operational IT Governance Model for co-

creating value with partners in a common ecosystem. The approach taken in this study

is based on Service Dominant (SD) logic and applied to ensure value co-creation in a

newly established ecosystem for the Information Technology (IT) organisation in Nokia

Siemens Networks (NSN).

1.1 Background of the Case Company

The case company of this study, NSN, was created as a joint venture between Sie-

mens Communications division and Nokia's Network Business Group. The formation of

the company was publicly announced on 19 June 2006. In February 2007, NSN was

officially launched at the 3GSM World Congress in Barcelona, and it started its full op-

erations on 1 April 2007. The case company is one of the largest telecommunications

hardware, software and professional services companies in the world. It is currently

operating in 150 countries and has about 57,000 employees (Nokia Siemens Networks

2013). Its headquarters are located in Espoo, Finland.

Presently, NSN is a leading global enabler of telecommunications services. With its

focus on innovation and sustainability, the company provides a complete portfolio of

mobile, fixed and converged network technology, as well as professional services in-

cluding consultancy and systems integration, deployment, maintenance and managed

services. The case company strategy also focuses on developing mobile broadband

and services and aims at becoming the leader in Mobile Broadband telecommunica-

tions infrastructure systems. As a service provider, the case company aims to accumu-

late the financial strength to become a true standalone company. Following this strat-

egy, global restructuring and workforce reduction activities were started to ensure the

case company long-term competitiveness by improving its cash generation, productivity

and profitability.

The unit of this study, the case company IT organisation (NSN IT), provides company-

wide IT services for supporting NSN business units activities as its central function. IT

organisation alone has about 950 employees, in addition to 2000 external employees

worldwide. Services provided by the IT organisation are one of the core competences

of NSN.

Page 9: Operational Level IT Governance Model - Theseus

7

Currently, NSN IT aims to achieve sustainable competitive advantage by providing in-

novative and reliable IT solutions. As a part of corporate restructuring efforts, NSN IT

introduced a new strategy called Leaner IT as a true business partner. The aim of this

strategy is to develop a healthy and efficient ecosystem based on a new partnership

approach grounded in a paradigm shift from value-in-exchange to value co-creation.

This move is intended to enable significant cost savings without jeopardising the quality

of service and business continuity. A considerable part of those savings will be utilized

for developing innovative solutions in order to re-new the enterprise architecture and

increase productivity. The instrument to achieve this goal is to establish extensive

partnership with the newly selected vendors through a new commercial model. This

aim was not possible to achieve with the previous outsourcing attempts because of the

restrictions in intensification, paradigm and supplier thinking. In the future, the

achievement of this aim will re-position NSN IT as a true business partner and improve

collaboration and partnership in the intended ecosystem with vendors.

This ambitious strategy leads to a business problem of this Thesis, which is to suggest

a new operational level IT governance model, contract-based and following up per-

formance and development, and well equipped to steer ecosystem actors.

1.2 Research Objective of the Study

The purpose of this Thesis is to develop a model for the operational level IT govern-

ance for value co-creation with the new partners, based on the newly introduced com-

mercial model and the new IT strategy of the case company.

To achieve this goal, the study first explores some of the existing IT governance mod-

els, then presents the views of the case company and, finally, suggests a new IT gov-

ernance model to fit this new vision and secure sustainability of the ecosystem. The

study explores the current practices at the operational level in the existing IT govern-

ance models and develops an IT governance model that can ensure value co-creation

in an ecosystem with partners for the case company. The research question for this

Thesis is formulated as follows:

• How to build an operational IT governance model to ensure value co-creation in

an ecosystem with partners for the case company?

Page 10: Operational Level IT Governance Model - Theseus

8

Within the newly developed IT Governance model, this Thesis will, first, highlight the

importance of monitoring performance of the ecosystem and, second, the importance

of interacting to/with stakeholders. In this study, the model development process will be

limited to three versions of the IT governance model, which will require further devel-

opment to respond to changes and demands in the future.

This Thesis is written in 7 sections. Section 1 introduces the case company, business

problem and research objective of the study. Section 2 presents the research approach

which is action research, overviews its research design, data and its analysis methods.

It also describes the validity and reliability criteria to be used in this Thesis. Section 3

discusses Service Dominant logic, value co-creation, service ecosystems and partner-

ship, IT services and the existing practices in IT governance models found from the

literature. Section 4 describes the case company’s current practices grounded in its IT

governance and IT services, and introduces the Thesis conceptual framework. Section

5 overviews the iterative development of the proposed IT Governance model and its

evaluations before the final proposal is suggested. Section 5 also describes the pro-

posed model with the roles, responsibilities, performance management and interaction

spaces developed based on the previous analysis. Section 6 incorporates the valida-

tion results as feedback for the proposed model from the expert interviews and intro-

duces the final version of the Operational level IT governance model, BSST. Finally,

Section 7 summaries the results of the study and introduces recommendations for

managers, and discusses the validity and reliability of this study.

Page 11: Operational Level IT Governance Model - Theseus

9

2 Method and Material

This section describes the research approach and design applied in this study, and

overviews the data collection and analysis methods, as well as reasons for selecting

these methods. Finally, it discusses reliability and validity of this study.

2.1 Research Approach

The research approach applied in this study is Action Research (AR). Action Research

is described by Coughlan and Coghlan (2003: 31) as a process of progressive prob-

lem-solving designed to improve strategies, practices or a working environment. Cogh-

lan and Meethan (2003: 38) determine the aim of the AR as taking action to create

knowledge or theory about action. Relevantly, the most important characteristics of AR

described by Coughlan and Coghlan (2002: 222-226) are those of research in action

rather than research about action, which means solving a problem as well as contribut-

ing to science. Secondly, AR is often considered participative and interactive which is

especially important for data collection and feedback in this Thesis. Thirdly, this ap-

proach helps to understand a big picture by directly responding to the research ques-

tions through applying the action research cycles.

One of the forms that AR takes is a co-operative inquiry. It is described by Coghlan and

Meehan (2003: 410) as the research involving two or more people researching to un-

derstand their world, make sense of their life and develop new and creative ways of

looking at things. Another important form of AR is the learning part, i.e. how to act so

that to change the order of things and find out the ways how to do things better. These

aims support the Thesis objectives to introduce change and make impact on the exist-

ing case company practices.

The AR is often described as a research approach applied in cycles. A typical progres-

sion of AR cycles is illustrated in Figure 1 below.

Page 12: Operational Level IT Governance Model - Theseus

10

Figure 1. Action Research cycles and main steps (Coughlan and Coghlan 2002: 233).

As seen from Figure 1, the AR cycles can be divided into several steps. The AR cycle

starts with the pre-step, establishing the context and purpose and investigating the rea-

sons for the research unfolded, at which the research problem and key stakeholders

are identified. After the pre-step, the actual AR cycle starts with the six main stages

rotating, namely: data gathering, data feedback, data analysis, action planning, imple-

mentation, and evaluation of the action taken. (Coughlan and Coghlan 2002: 233)

In this Thesis, the three first steps – setting the research question, conducting the cur-

rent state analysis and analysing the existing knowledge – correspond to the pre-step

of the AR cycle illustrated in Figure 2. The data collection and analysis phase followed

by taking and evaluating actions, represent the main steps in the action research cycle

implemented in this study.

Considering the business problem of this Thesis, AR was selected as its research

method since it best meets the needs of the Thesis. In addition to the AR characteris-

tics, the execution process itself and the steps identified in the research process above

make Action research the most suitable method for this study. The AR approach, how-

ever, was adapted with adding certain details described in the next sub-section.

Page 13: Operational Level IT Governance Model - Theseus

11

2.2 Research Design and Implementation Process

The research design and process in this study based on the AR research is illustrated

in Figure 2.

Figure 2. Research design and implementation process of this study.

As shown in Figure, this Thesis starts with exploring the business problem by conduct-

ing meetings with key experts in the case company and setting objectives for solving

this business problem. Then, the research collects background knowledge and best

practices, and applies it to the analysis of the existing company documents and case

company practices, suggesting a framework for model creation.

Page 14: Operational Level IT Governance Model - Theseus

12

Then, the research focuses on the data collection and data analysis, which is done by

conducting a series of interviews and discussions with the case company and vendors.

After the data are collected and analyzed iteratively, in three cycles, the proposal is

formulated for a new IT governance model, which should lead to the next round of ac-

tion planning, after the proposal of the model is implemented and evaluated. As illus-

trated in Figure 2, the input is based on the relevant literature and the data analysis of

the case company practices later developed into a model.

As an outcome of the study, the proposal for the new IT Governance model is created

grounded in both the existing knowledge and the data collected. In the future, the sug-

gested proposal can be upgraded again to respond to the rapidly changing environ-

ment with executing new, additional AR cycles. However, the proposal developed in

this study through in-depth interviews and existing knowledge will be sufficient to initi-

ate the process with the proposed model.

2.3 Data Collection and Analysis Methods

In this study, the data for analysis come from a range of sources. The main source is

the interviews and discussions in the case company and with its vendors. The second

source is the reviewing of the case company existing documentation for the current IT

governance practices. On a general level, this study is guided by the principles of cre-

ating a well-documented study protocol where the researcher gives a detailed descrip-

tion of the data collection and analysis methods.

2.3.1 Interviews and Discussions

First, the study draws its data from a series of interviews and discussions in the case

company and with its vendors. These data were collected in three rounds. The first

round was done in the meeting with the IT Unit Heads and interviewed about the cur-

rent case company practices. The second round involved more case company experts

by introducing and discussing the first proposed version model and its conceptual

framework . The third round involved even more case company experts and also some

of the vendors for validating the second version of the proposed model.

Page 15: Operational Level IT Governance Model - Theseus

13

The details of data collection are specified in Table 1.

Table 1. Three rounds of data collection for model development in this study.

Data from (event) Participants Duration Topics Documents

Round 1 Data collection for identifying business problem, setting a research ob-jective and conducting the current state analysis of the existing prac-tices; development of the first version of the model

Meeting Kickoff Discussion 1

The case company IT Unit Heads (6 persons)

1X 3 hours session

Appendix 1 Field notes, min-utes, Power Point Presentation

Round 2 Data collection for further development of the model

Discussion 2

The case company IT Unit Heads, experts (6 persons)

1 X 3 hours

Appendix 2 Field notes, minutes, Power Point presenta-tions

Discussion 3 IT Service Owner 1 X 1 hour

Appendix 2 Field notes, minutes, Power Point presenta-tion

Discussion 4 Business Service Owner

1 X 1 hour

Appendix 2 Field notes, minutes, Power Point presenta-tion

Discussion 5 IT Tools and Process Owner

1 X 1 hour

Appendix 2 Field notes

Round 3 Data collection for further development and validation of the model

Discussion 6

Head of IT Performance and Assurance Unit

1 X 1 hour

Appendix 3 Field notes, minutes, Power Point presenta-tion

Discussion 7 Head of IT Quality Unit 1 X 1 hour

Appendix 3 Field notes, minutes, Power Point Presenta-tion

Discussion 8 Head of IT CIO Unit 1 X 1 hour

Appendix 3 Field notes, minutes, Power Point presenta-tion

Discussion 9 Head of IT Partnering Unit

1 X 1 hour

Appendix 3 Field notes, minutes, Power Point presenta-tion

Discussion 10 Vendor Wipro Account Manager

1 X 1 hour

Appendix 3 Field notes, minutes, Power Point presenta-tion

Discussion 11 Vendor ATOS Account 1 X 1 Appendix 3 Field notes,

Page 16: Operational Level IT Governance Model - Theseus

14

Manager hour minutes, Power Point presenta-tion

Discussion 12 Supplier IBM Account Manager

1 X 1 hour

Appendix 3 Field notes, minutes, Power Point presenta-tion

Discussion 13 Questionnaires 1, 2, 3 and 4

Enterprise Release Manager Enterprise Architect Vendor Wipro Account Manager Stakeholder Manager

4 X 30 minutes

Appendix 3 Field notes, min-utes and ques-tionnaire

As seen from Table 1, the data collection consisted of three rounds. In Round 1, a

kickoff meeting was arranged for interviewing colleagues and seniors at work. The aim

of the kickoff meeting was to capture the expectations from the project, verify the busi-

ness problem and research objectives, and review the case company current practices

as input for the first version of the model. In Round 2, seniors were interviewed for

gathering feedback on the first version of the model. Based on their feedback, the sec-

ond version of the model was developed. Finally in Round 3, a series of interviews

were conducted with the case company experts and vendors for verifying and validat-

ing the second version of the model and gathering feedback to develop the third and

final version of the proposed model. The process of data collection is described in more

detail below.

In Round 1, the first round of interviews in kick-off meeting mode was done with the IT

Unit Heads for the purpose of introducing the research project and analysing the cur-

rent practices and the desired state in a virtual 3-hour meeting. The discussion mode

was utilised to reveal understanding and expectations from the new strategy, and the

current and planned Mode of Operation (MoO) for the company practices and the out-

sourcing contract.

In Round 2, in addition to the IT Unit Heads responsible for transforming IT into a new

MoO, Discussions 2-5 were held with representatives of other NSN units, ensuring ap-

pliance of the true partnering and effective tools to support successful service provi-

sion. During these discussions, the conceptual framework and the first version of the

model were introduced and discussed. Additionally, more data were collected for im-

proving the proposed model iteratively, as input for its second version.

Page 17: Operational Level IT Governance Model - Theseus

15

In Round 3, another series of discussions was conducted for reviewing and validating

the second version of the proposed model and gathering more data as input for the

third, final version. During these discussions, the PowerPoint slides on the proposed

model were presented and discussed with the experts. Additionally, more data were

collected for improving the proposed model, and the outcome of its future implementa-

tion was discussed. These discussions were held with representatives the case com-

pany and the IT organisation’s experts, and vendor representatives.

Overall, the data collection for the study was handled through both, face-to-face and

virtual discussions and interviews, in a 2-month period, starting from December 2012

till March 2013, mostly in the case company premises in Espoo, Finland. Discussions

1-10 and 13 represented the newly appointed IT Unit Heads. Discussions 10-12 repre-

sented the newly selected vendors and key suppliers (e.g., account managers) ac-

countable for value creation through service and project development. Finally, the

questionnaire was conducted to review the second version of the proposed model with

the case company experts. Discussion 13 concludes the final data collection series.

2.3.2 Internal Documentation

Additionally, the company internal documentation was reviewed and analysed for the

current state analysis to capture the existing challenges, strengths and weaknesses of

the existing IT governance practices. For this purpose, the study examined a range of

the internal documents produced through the development of the new MoO which is

also executed simultaneously with the new Lean IT strategy introduced at Section 1.

Based on this documentation, the current and future roles and responsibilities of the

case company IT organisation and those of vendors were specified.

The analysis method utilized for both the discussions and interviews and the internal

documentation analysis was the Content analysis method. The Content Analysis de-

fined by Neuendorf (2002: 2-5) as a highly selective and structured method, which is

based on the principles of social science of measuring and counting. It can be seen as

an interview of media content and a content analysis summarizes rather than reports

all details concerning a message set. The rules of analysis are similar to the standard-

ized interview fixed, to ensure a high degree of reproducibility (Neuendorf 2002: 6).

Harold Lasswell (1968: 45) formulated the basic questions of the content analysis as

"who says what, to whom, why, to what extent and with what effect?" This offers a

broad approach to the content analysis as a technique for making inferences by objec-

Page 18: Operational Level IT Governance Model - Theseus

16

tively and systematically identifying specified categories and characteristics of the

message. The content analysis method enables the researcher to include large

amounts of textual information and systematically identify its properties, thus drawing

reliable information from the content of the message.

2.4 Validity and Reliability

As argued by Näslund et al. (2010: 338), validity and reliability are considered as

measures to ensure quality of research; and research is traditionally evaluated from the

validity and the reliability perspective.

One of the actions for improving validity of research is addressing the key question of

validity, namely "Was what was found a response to the questions originally asked?”

(Quintone and Smallbone 2006: 127). There are two types of validity of research, inter-

nal and external validity. Internal validity typically refers to face validity, which indicates

whether a tool measures what it is meant to measure. External validity as another as-

pect of validity answers the question of whether the results of research would applica-

ble in other contexts or situations. Validity is important, especially internal validity, be-

cause without it the research findings would not mean anything, as the investigator

may not even be measuring what he sets out to measure. That is why validity needs to

be improved by explicit, detailed description of data collection and analysis (Quintone

and Smallbone 2006: 126-129).

In this study, validity will mostly be secured by stressing the external validity because in

qualitative research such as this Thesis, the internal validity is a matter of less concern,

as during the research a lot of data is collected on the subject of the study. In this

study, the appropriate measure of external validity will be the question of "How transfer-

rable the results are into new MoO based on Lean IT strategy in the case company?",

as the research focuses on only one, operational level IT governance model in MoO. In

this study, the plan is to increase validity by focusing on the fact that the Research

Question is answered by involving subject matter experts to the model creation phase

and by ensuring that the new model is applicable to the new MoO in the case com-

pany.

Reliability deals with consistency of the research results, robustness of the measure

and the research being free from errors (Quintone and Smallbone 2006: 130). Reliabil-

ity can be addressed with the question of "Would we get the same results if we would

Page 19: Operational Level IT Governance Model - Theseus

17

the research were done again?" (Quintone and Smallbone 2006: 132) and focuses on

consistency of the research procedure. Reliability eventually pertains to the questions

of would the same or similar results be obtained by applying the same research proce-

dure, if the research was repeated using other research methods or by another re-

searcher. The reliability of the research can be strengthened by applying the following

methods: using different data sources, different data collection or analysis methods, or

if done at a different point in time (Quintone and Smallbone 2006:130).

In this study, reliability will be secured by studying a wide range of data collected from

different sources. In addition, it is planned to involve a broad range of experts from dif-

ferent sides of the ecosystem into the model creation phase.

Page 20: Operational Level IT Governance Model - Theseus

18

3 Best Practice for IT Governance Model

This section overviews the existing IT governance models and the logic of the Control

Objectives for Information and Related Technology (COBIT) approach. It also analyses

the features of IT governance models, such as roles, responsibilities, community inter-

actions mechanisms and performance monitoring elements, based on the Information

Technology Infrastructure Library (ITIL) and the views of the Information Technology

Governance Institute (ITGI) on IT governance.

Section 3 starts with the discussion on how services, IT Services, Service Dominant

(SD) logic can be applied to IT services, what value they create, and touches upon the

importance of the service innovation for enabling value co-creation.

3.1 Service Dominant Logic and Value Co-Creation in Ecosystem

SD logic is a new paradigm and mindset related to value co-creation, based on the

exchange of services and often aligned with innovation in services. Key features of the

SD logic are discussed in the following sub-sections.

3.1.1 Service and IT Services

Vargo and Lusch (2003) define service as the application of specialized competences

(knowledge and skills) through deeds, processes, and performances for the benefit of

another entity. Researchers stress that, although making perfect sense, this definition

seems to be inadequate to capture some basic intuitions. According to the Latin ety-

mology of the term, enjoying a service presupposes having somebody (the servus) at

your disposal, ready to do actions for your benefit. In this view, it is not so much the

specific action which counts as a service, but rather the commitment to perform some

kinds of actions that called a Service as an application (Ferrario and Guarino 2012:

172).

According to Pöppelbuβ et al. (2011: 545), service is time-perishable, intangible ex-

perience performed for a client who is acting as co-producer to transform a state of the

client. Service basic characteristics, as defined by LoveLock and Gummesson (2004:

21), include intangibility, heterogeneity (variability), inseparability and perishability

(IHIP), and create different perception points. They also develop different challenges

Page 21: Operational Level IT Governance Model - Theseus

19

for service management, which is a set of specialized organizational capabilities for

providing value to customers in the form of services (ITIL 2013).

These service definitions, which are derived from SD logic, refer to service as value co-

creation phenomena that arise among interacting service system entities (Ferrario and

Guarino 2012: 173).

Following these service definitions, IT service refers to the application of business and

technical expertise to enable organizations in the creation, management and optimiza-

tion of or access to information and business processes. The IT services market can be

segmented by the type of skills that are employed to deliver the service (design, build,

run). There are also different categories of service: business process services, applica-

tion services and infrastructure services (Gartner 2013). Level of the quality of the ser-

vice provision is agreed and monitored through the process called Service Level Man-

agement (SLM) that is discussed in the next sub-section.

3.1.2 Service Level Management

The objective of SLM, as set by ITIL, is to negotiate Service Level Agreements (SLA)

which will govern the relationships between the customers and the IT service prodiving

organization. Another objective of SLM is to design services in accordance with the

agreed service level targets that are monitored and reported through Key Performance

Indicators (KPI) specified in SLAs (ITIL 2013).

As seen from Figure 3 below, SLM functions as “glue” in the ITIL framework for Service

Level Agreement (SLA), Service Improvement Process (SIP) and Service Level Re-

quirements (SLR) (ITIL 2013).

Page 22: Operational Level IT Governance Model - Theseus

20

Figure 3. Sample IT SLM and in ecosystem (ITIL 2013).

As shown in Figure 3, SLM contains requirements for a service from the client view-

point which are the basis for any SLA. Requirements in SLRs are typically defined in

business terms, articulating the service level targets, mutual responsibilities, and other

requirements specific to a certain customer or group of customers. SLAs are most of-

ten specified in the contract. The types of SLAs can be illustrated by the results from

the ITGI survey (ITGI 2005a: 12) shown in Figure 4.

Figure 4. SLA conformance (ITGI 2005a: 12).

The results shown in Figure 4 imply that business alignment is ultimately clarified at the

moment when the contract between the parties is signed.

Page 23: Operational Level IT Governance Model - Theseus

21

In addition to SLAs, SIPs are crucial, from the SLM perspective, for securing and ena-

bling continuous improvement and service innovations. Service innovation is the one of

the key components which can be jointly developed and exchanged based on SD logic,

and it is discussed in following sub-section.

3.1.3 Service Innovation

Innovation is the key stone for developing a sustainable competitive advantage. In ser-

vices, innovation is the development and implementation of new ideas by people who

over time engage in transactions with other (Smedlund 2012: 7). There are two types of

innovations, open and close innovation. Open innovation is created in the internal and

external environment monitored for capturing innovations; and close innovation is de-

veloped in the environment where only internal resources are used for capturing and

enabling innovations. Open innovation embraces the benefits of openness as a means

of expanding value creation for organizations. It places certain limits on traditional

business models where those limits are necessary to foster greater adoption of an in-

novation approach (Chesbrough and Appleyard 2007: 58).

Service innovation, in its turn, is the creation of a service offering that has not been

previously available to customers, and which requires modification in the set of capa-

bilities of the service provider, and/or its customers (Smedlund 2012:14). Bery et al.

(2006: 56) define service innovation as an idea for a performance enhancement that

customers perceive as an offering of a new benefit or a sufficient appeal that dramati-

cally influences their behaviour, as well as the behaviour of competing companies. This

approach is illustrated in Figure 5 below.

Page 24: Operational Level IT Governance Model - Theseus

22

Figure 5. IT service design steps and role of the innovations (Pink Link 2005: 5).

Figure 5 demonstrates the importance of service innovation in IT Services, where or-

ganisations become winners by spotting big opportunities and inventing next practices

(Prahalad 2010: 32).

As one of the measures, continuous improvement through active listening and enabling

open innovations are one of the key mechanisms in SD logic for securing value co-

creation as described in following sub-section.

3.1.4 Value Creation and Value Creators

If put simply, value is the benefit emerging from a business activity for an organization

or its stakeholders; in other, very general terms, it can be considered as an act of

reaching satisfaction of some individual or organizational goals. According to Grönroos

(2012), value for a customer is created by the customer when using resources acquired

from a provider or otherwise accessible to the customer. Creating or making use of

naturally occurring interactions with its customers enables the firm to co-create value

with them.

Page 25: Operational Level IT Governance Model - Theseus

23

By engaging itself in its customers’ processes in a meaningful way, the organization

assists the customers in their creation of value-in-use. However, the customers create

value for themselves in their own value-in-use processes. The organization supports

this value creation by facilitating the value creation process with appropriate resources,

and through interactions with customers where the organization can take the role as a

value co-creator (Grönroos 2012).

The need for a practical and robust process based a value co-creation framework con-

sists of three main perspectives identified by Payne et al. (2008). The first perspective

is called the customer value creating processes, which is part of a business-to-

consumer relationship, if based on the processes, resources and practices that cus-

tomers use to manage their activities; or it is part of business-to-business relationship,

if the customer organization uses it to manage its business relationships with suppliers.

The customer value creation process can be defined as a series of activities performed

by the customer to achieve a particular goal. One key aspect of the customer’s ability

to create value is the amount of information, knowledge, skills and other operant re-

sources that they can access and use.

The second perspective is called the supplier value creating processes which is based

on the processes, resources and practices that the supplier uses to manage its busi-

ness relationships with customer and other relevant stakeholders. If a supplier wants to

improve its competitiveness, it has to develop its capacity to either add to the cus-

tomer’s total pool of resources, in terms of competence and capabilities (relevant to the

customer’s mission and values), or to influence the customer’s process in such a way

that the customer is able to utilize available resources more efficiently and effectively.

(Payne et al. 2008: 85)

The third perspective is called the encounter processes, where the processes and

practices of customer-supplier interaction and exchange take place. This perspective is

needed to be managed in order to develop successful co-creation opportunities.

(Payne et al. 2008: 86)

These three main value creating processes (from the customer, supplier and their en-

counter perspectives) form the basis of the framework for value co-creation in SD logic.

They are further discussed in the next sub-section.

Page 26: Operational Level IT Governance Model - Theseus

24

3.1.5 Service Dominant Logic and Value Co-Creation

A central concept of Service Dominant (SD) logic is the co-creation of value through

reciprocal service provision (Lusch et al. 2007: 14); and all social and economic factors

are referred to as resource integrators (Largo et al. 2008: 147).

In the traditional Good Dominant (GD) logic approach, goods are exchanged for mone-

tary value-in-exchange phase, as shown in Figure 6 below.

Figure 6. Value formation processes with GD logic (Grönroos 2012 : 7)

As illustrated in Figure 6, in the traditional way of thinking, value refers to monetary

value that is received through value-in-exchange process that is embedded in produc-

tion output (e.g. in goods), and which is exchanged for money or money’s worth. The

current view, however, is that value emerges during the customers’ use of resources as

value-in-use (Grönroos 2012). Customer value is usually defined as the difference be-

tween the perceived benefit and the perceived cost; and the supplier value as the dif-

ference between the received benefit and the provision or production cost (Kambil et al.

1999: 3).

In service ecosystems, value co-creation can be considered as an arrangement of re-

sources (including people, technology, information, etc.) which is connected to other

systems by value propositions (Vargo et al. 2008: 149). Consequently, service plays

the role of a mediator in this value co-creation process (Grönroos & Ravald 2011: 16).

Page 27: Operational Level IT Governance Model - Theseus

25

In SD logic, there are different stages in value creation as shown in Figure 7 below.

Figure 7. The value formation process with SD Logic (Grönroos 2012: 9).

As shown in Figure 7, value can be co-created only in a joint sphere where the user

and the supplier both represented and are based in SD logic. The ultimate goal of ser-

vice provision is therefore to facilitate and support the customers’ value creation. Tak-

ing up this perspective, this Thesis focuses specifically on a joint sphere where value

co-creation should be happening through the newly developed IT governance model.

In SD logic, the basic functional activities are called operational capabilities (e.g., logis-

tics, marketing), and focus on the ability to perform a coordinated set of tasks. Dynamic

capabilities are the abilities of an organisation to integrate, build, and reconfigure its

operational capabilities and external competences to address a rapidly changing envi-

ronment (Pöppelbuβ et al. 2011:547). These capabilities, also called resources, can be

exchanged in a service ecosystem for achieving mutual benefit for stakeholders and

based on partnering principles. This topic is discussed in the next subsection.

3.1.6 Service Ecosystems and Partnering

There are different ecosystem analogies such as biological, industrial and business

ecosystems among many other types introduced by Peltoniemi & Vuori (2004: 2-5).

This study focus on a business ecosystem, which is described by Peltoniemi & Vuori

(2004: 6) as an extended system of mutually supportive organizations that are commu-

nities of customers, suppliers, lead producers, other stakeholders and other interested

parties. These communities come together in a highly self-organizing, partially inten-

tional, and even somewhat accidental manner.

Page 28: Operational Level IT Governance Model - Theseus

26

Business ecosystems are characterized by a large number of interconnected partici-

pants who depend on each other for their mutual effectiveness and survival. If the eco-

system is healthy, individual species thrive. If the ecosystem is unhealthy, individual

species suffer deeply (Peltoniemi & Vuori 2004: 8).

In the organisational shift from an industry economy toward a service economy, eco-

systems play a significant role by facilitating this shift, the sources for this organiza-

tional change being globalization, technological change or an increasing demand for

services. Considering this trend, it becomes clear that services and the service econ-

omy also play an important role in shaping today's and tomorrow's business ecosys-

tems, to such an extent that they can be labelled as service ecosystems. Following this

vision, service ecosystems can be considered as a result of an evolution of service

orientation which takes services from merely integration purposes to the next level by

making them available as tradable products through service delivery platforms. In other

words, service ecosystems are market places for trading services in the business

sense and involve actors from different parties (Scheithauer et al. 2008: 1-4).

A service ecosystem can encompass the policies, strategies, processes, information,

technologies, applications and stakeholders that together make up a technology envi-

ronment. In service ecosystems, stakeholders are diverse based on the facts that who

creates, buys, sells, regulates, manages and uses the technology provided

(Scheithauer et al. 2008: 7).

Service ecosystems require working side by side with the customer rather than at arm’s

length (Burtonshaw and Salameh 2010: 109) and denote more than a client-vendor

relationship. This plan of partnering brings organisations a step further the traditional

outsourcing initiative, and leads into a new business model. A partnering paradigm is

closer to this type of thinking oriented towards the long-term interest by sharing the

same goal for the customer and supplier which is mutually defined and followed (Bur-

tonshaw and Salameh 2010: 109). Additionally, due to being collaboratively developed,

the reward and risk based pricing value propositions ensure successful, efficient ser-

vice provision and equal wealth for actors. These value propositions are based on the

“Market With” thinking approach (Lusch et al. 2007: 13). Another, additional factor that

attracts commercial organizations to partnering is the desire to reduce adversarial

situations. Occasionally, a problem between the parties may be so acute that its resolu-

tion would require a more formal and structured process, but without damaging the

Page 29: Operational Level IT Governance Model - Theseus

27

parties’ business relationships. The resolution of disputes is therefore also an important

issue seen by many as one of the cornerstones of collaborative partnering (Burtonshaw

and Salameh 2010: 111).

To sum up, Section 3.1 discusses how services and Service Dominant (SD) logic can

be applied to IT services, what value they can create, and stressed the importance of

the service innovation for enabling value co-creation. It was demonstrated that services

are the mediator in SD logic, and SD logic is the most appreciated paradigm in today’s

services economy where the paradigm shifts from value-in-exchange to value co-

creation. In this paradigm, value is co-created together by suppliers and customers

through sharing key competencies and experiences through services provision. Since

services are perceived as mediator in service ecosystems, management of the IT ser-

vice provision is needed, with can be done with collaboratively developed KPIs based

on the reward and risk, stick and carrot approach. These KPIs secure fair treatment

and health of the ecosystem. Finally, empowering continuous improvement through

service innovations creates positive stakeholder perception and develops the service

ecosystem into the more innovative mode. Thus, it can be supposed that a healthy IT

services ecosystem would require an efficient operational level governance model to

secure and enable value co-creation which means equal benefit for stakeholders.

3.2 IT Governance Models

“Firms with superior IT governance had 20% higher prof-

its than firms with poor governance given the same stra-

tegic objectives.”

Dr. Peter Weill, Director of the Center for Information Research, MIT (Based on a recent study of 250 enter-prises in 23 countries)

IT governance is a set of responsibilities and practices exercised by the executive

management with the goal of providing strategic direction, ensuring that plans and ob-

jectives are achieved, assessing that risks are proactively managed, and the enter-

prise’s resources are used responsibly (Selig 2008: 17). In other words, IT governance

is a set of processes that ensures the effective and efficient use of IT enables an or-

ganization to achieve its goals. (ITGI 2005a: 7-9)

Page 30: Operational Level IT Governance Model - Theseus

28

According to Weill and Ross (2004), there are ten principles for developing an IT gov-

ernance model. This set starts with actively designing governance which involves sen-

ior executives taking the lead. The other principals include: to redesign, making

choices, clarifying expectations, providing right incentives, assigning ownership and

accountability, providing transparency and implementing common mechanisms for the

key assets such as human, relationship and information (Weill and Ross 2004). These

principles are taken into consideration at the development phase of the proposed

model in this study (Section 6). Overall, in the context of this Thesis, clarifying expecta-

tions, assigning ownership and accountability, providing transparency and implement-

ing common mechanisms appear as the most significant principles which will form the

new IT governance model in terms of its roles, responsibilities and interaction mecha-

nisms. Other views on IT governance are presented below.

ITGI, a reputed authority on IT governance models, suggests five IT domains, namely:

a) strategic alignment, b) value delivery, c) risk management, d) performance meas-

urement and e) resource management, with the IT Governance at the centre. These IT

governance domains are shown in Figure 8 below.

Figure 8. IT Governance Domains (ITGI 2005b: 3).

Developing the idea illustrated in Figure 8, the essential components of IT governance

might, therefore, be summarized as follows. Firstly, IT governance overall focuses on

delivering value and managing risks, and grounded in strategic alignment, resource

management and performance management. Secondly, value delivery is not possible

without strategic alignment and resource management. Thirdly, it is impossible to pro-

Page 31: Operational Level IT Governance Model - Theseus

29

vide transparency of success or failure without performance measurement. Overall, in

the context of this Thesis, value delivery, which embodies the concept of risk-related

returns, appears as perhaps the leading element among all the five domains. As a brief

re-statement, ensuring that value is obtained from investment in IT is an essential

component of IT governance which can be enabled by strategic alignment and per-

formance management as basic components of an IT governance model (backed up

by resource management and risk management). Indeed, it could be argued that

unless success is achieved in the other domains, arriving at value delivery will remain

elusive. Nevertheless, value delivery, strategic alignment, and performance manage-

ment appear as the cornerstones of any IT Governance model.

Considering another approach to IT governance, COBIT, the same cornerstones are

visible there, too. These cornerstones are: 1) the value element, 2) alignment with

business goals, 3) monitoring and performance management, and 4) monitoring and

resources, risks ad IT management. The COBIT viewpoint on IT governance is shown

in Figure 9 below.

Figure 9. The Development of Integrated IT Governance (COBIT 2011: 38).

As illustrated in Figure 9, COBIT recommends that IT governance development should

consist of at least three phases. The first one is the planning for alignment of strategies

for both business and IT. The second one is the operating in the monitoring of perform-

Page 32: Operational Level IT Governance Model - Theseus

30

ance management and resources, risks and IT management. The final element is the

evaluation of the value element. This approach represent the COBIT perspective and

its integrated key activities for IT governance, as an IT governance model.

To clarify the issue of alignment between the business strategy and IT strategy, COBIT

suggests to the goals cascade to illustrate this logic. This cascade translates stake-

holder needs into the governance objectives and enterprise goals, and then translates

them further down to IT-related goals, processes and process goals. The COBIT goals

cascade helping to clarify the business-IT alignment through formulating a chain of

goals is shown in Figure 10 below.

Figure 10. The COBIT goals cascade (COBIT 2011: 3).

Page 33: Operational Level IT Governance Model - Theseus

31

The framework illustrated in Figure 10 stresses the importance of governance objec-

tives to be grounded in stakeholder needs and alignment of these needs with the busi-

ness strategy. This approach also paves the way to define the roles, responsibilities

and IT governance objectives related to these goals.

Summing up, the leading approaches to IT governance, the elements that are present

in all of the discussed approached, include: a) the value element, b) strategy alignment,

c) performance management, and d) resources, risks and IT management. As in-built

into this picture, the roles and responsibilities can be considered to be aligned with the

governance objectives and implemented through the resource management block. Ad-

ditionally, since the main objectives, activities, value deliver, roles and responsibilities,

and performance management of any IT governance are typically defined in a business

contract with the customer (ITGI 2005a: 13), this rounds up the set of elements critical

to any IT governance. The study discusses these elements one by one in the subse-

quent sub-sections.

3.2.1 Roles and Responsibilities

To elaborate on the roles and responsibilities, another prominent IT approach, ITIL can

be employed. ITIL is one of the most recognised collection of best practice in IT field

which introduces and classifies many roles and their relevant responsibilities. Accord-

ing to ITIL, whilst the roles and responsibilities vary in magnitude and complexity, there

are certain key interactive roles on both the client and supplier sides that are crucial to

the successful implementation and subsequent IT governance in an organisation (ITGI

2005a: 16). The key roles and responsibilities related to IT governance are summa-

rized in Table 2.

Table 2. Roles and responsibilities are defined by ITIL (ITIL 2013).

Roles Responsibilities

Business Relationship Manager Business Relationship Manager is re-sponsible for maintaining a positive rela-tionship with customers, identifying cus-tomer needs and ensuring that the ser-vice provider is able to meet these needs with an appropriate catalogue of ser-

Page 34: Operational Level IT Governance Model - Theseus

32

vices. Demand Manager Demand Manager is responsible for un-

derstanding, anticipating and influencing customer demand for services.

Service Owner Service Owner is responsible for provid-ing a particular service within the agreed service levels.

Service Level Manager Service Level Manager is responsible for negotiating Service Level Agreements and ensuring that these are met.

Release Manager Release Manager is responsible for planning and controlling the movement of Releases to test and live environments

Continual Service Improvement (CSI)

Manager

CSI Manager measure the performance of the service provider and design im-provements to processes, services and infrastructure in order to increase effi-ciency, effectiveness, and cost effective-ness.

Service Continuity Manager (SCM) SCM ensures that the IT service provider can provide minimum agreed service levels in cases of disaster, by reducing the risk to an acceptable level and plan-ning for the recovery of IT services.

Enterprise Architect Enterprise Architect is responsible for maintaining the Enterprise Architecture (EA), description of the essential compo-nents of business, including their interre-lationships.

Service User A person who uses one or several IT services on a day-to-day basis. Service Users are distinct from Customers, as some Customers do not use IT services directly.

Customer Someone who buys IT services. The Customer of an IT service provider is a person or group who defines and agrees the service level targets.

As illustrated in Table 2, ITIL roles immediately define a set of responsibilities. In ITIL,

this approach is used to assign process owners to the various ITIL processes, and to

specify responsibilities for every single activity (ITIL 2013).

In addition to this standard set of roles and responsibilities, ITIL also introduces an op-

erational level IT governance instrument called IT Steering Group. The IT Steering

Group (ISG) suggested by ITIL sets the direction and strategy for IT services. ISG in-

cludes members of senior management from both business and IT. The ISG reviews

Page 35: Operational Level IT Governance Model - Theseus

33

the business and IT strategies in order to make sure that they are aligned. ISG also

sets priorities of service development programs/ projects (ITIL Official Web Site 2013).

As for the other IT governance models, a key responsibility of all members of the gov-

ernance model is focused on the value element. Value delivery (ITGI 2005b: 3) is the

subject of key decisions for IT governance. IT governance also formalizes and clarifies

accountability and decision rights. Overall, IT Governance is responsible for manage-

ment, planning and performance review policies, practices and processes associated

with decision rights, establishing controls and performance metrics over investments,

plans, commitments and compliance with laws and organizational policies (Selig 2008:

23) as its most basic concerns.

The tools for exercising IT governance are: establishing and clarifying accountability

and decision rights (by clearly defining the roles, responsibilities and authority); apply-

ing such deliverables as IT plans, budgets and commitments, and managing risks, re-

sources, change, performance, demand, customer responsiveness and contingencies

proactively(Selig 2008: 24). Another important responsibility of the IT Governance is

ensuring that value is gained from investment in IT as an essential component and goal

of IT governance (ITGI 2005a: 13).

3.2.2 Performance Management

Performance management focuses on setting and reaching performance standards. IT

performance management collects, analyzes and reports on performance results

against objectives at a more detailed and operational level than the strategic plan level

(Selig 2008: 132-136). In other words, IT performance management is aimed at identi-

fying and quantifying IT costs and IT benefits (ITGI 2003: 8).

Some of the principles for achieving performance management excellence based on

Selig (2008: 134) include: a) identifying critical success factors for the business and IT,

and identifying the key performance indicators linked to these factors; b) building the

key performance indicators into the organisation’s performance evaluation system,

starting from the top and reaching to all positions that can influence those KPIs; c)

making KPIs relevant, simple, comparable, easy to report and focused on goals and

objectives; d) defining and issuing a management control policy and related proce-

dures, which identify all of the areas requiring management controls; d) monitoring,

Page 36: Operational Level IT Governance Model - Theseus

34

auditing and assuring that IT operates in accordance with the approved management

controls; e) develop a risk management and mitigation plan, policy and process.

A logical prerequisite of performance management is performance measurement.

There are different measurement instruments available in performance management,

depending on the goals, costs and benefits of the IT services. When costs and benefits

can be easily quantified and assigned a monetary value, traditional performance

measures such as ROI, net present value, and internal rate of return and payback

methods work well. Figure 11 shows available performance measurement approaches.

Figure 11. Performance measurement approaches (ITGI 2003: 8).

Figure 11 illustrates different approaches that can be utilised for IT performance meas-

urement. One of the approaches is the IT Balance Score Card (BSC) which might have

mostly intangible output (e.g., the results of the stakeholder satisfaction survey). Par-

ticular methods generally have different weight in BSC, but can be included into its con-

tent to ensure multiple perspectives for monitoring. The structure of IT BSC is shown in

Figure 12 below.

Page 37: Operational Level IT Governance Model - Theseus

35

Figure 12. Structure of generic IT BSC (ITGI 2005a: 13).

As illustrated in Figure 12, the structure of IT BSC consists of four main components:

a) user orientation, b) business contribution, c) future orientation, d) operational excel-

lence, organized in a similar manner (mission and objective). If analysed from the IT

governance perspective, one of the objectives of the user orientation is achieving user

satisfaction with creating partnership with users. Business contribution secures align-

ment between business and IT strategy and focuses special on value delivery. Future

orientation enables continual service improvement through continuous learning to se-

cure competitive advantage and quick adaption to changes. Finally, operational excel-

lence focuses on delivering and managing IT services as day-to-day work, and improv-

ing them by monitoring and evaluating maturity levels of IT processes (ITGI 2005a : 13-

16).

Thus, output or performance management is considered to be a major pre-requisite for

increasing transparency and accountability in a services ecosystem. Lack of visibility

and accountability can negatively affect stakeholders who are demanding more and

Page 38: Operational Level IT Governance Model - Theseus

36

more transparency and dialogue based on accurate, accessible performance informa-

tion among other available information.

3.2.3 Interactions Space

In value co-creation, there are four important building blocks noted by Prahalad and

Ramaswamy (2002: 9). The first building block is the dialogue at every stage of the

value chain which encourages not just knowledge sharing, but, more importantly, un-

derstanding between companies and customers. This dialogue also gives consumers

more opportunity to interject their views on value into the creation process; moreover, it

challenges the notion that ownership is the only way for the consumer to experience

value. The second building block is access to value creation. In practice, it means that,

by focusing on access to value at multiple points of exchange, as opposed to owner-

ship of products in GD logic, companies can broaden their view on the business oppor-

tunities in creating good experiences. The third building block is risk reduction which

assumes that, if consumers become co-creators of value with companies, they will de-

mand more information about potential risks of goods and services; simultaneously,

they may also have to bear more responsibility for handling those risks. Finally, the

fourth building block of value co-creation is the transparency of information required to

create the trust between organizations and individuals. (Prahalad and Ramaswamy

2002: 9).

As defined by Enkel et al. (2009: 314), development in internet technology and social

networking technologies will allow companies to interact with numerous sources and

predict an unprecedented level of richness of such contacts in the future. Organisations

are be able to draw their customers, suppliers, or other partners into the heart of their

service development e.g. through online idea management or community participation

in service development through community pages. As Enkel et al. (2009) argue, inno-

vation is often based on a recombination of existing knowledge, concepts and technol-

ogy (Enkel et al. 2009: 315) which can be captured and shared in a common interac-

tion space.

The basis behind the interaction spaces are dialogue and transparency as the building

blocks of value co-creation. With this basis, interaction spaces can enable information

Page 39: Operational Level IT Governance Model - Theseus

37

exchange for innovations and increasing accountability of governance in a service eco-

system.

3.3 Outsourcing and Commercial Contract

Presently, one of the popular alternatives to reach a sustainable competitive advantage

is outsourcing. Outsourcing is the mechanism that allows organisations to transfer the

delivery of value into the hands of the third parties. Fundamental to outsourcing is the

fact that, while value delivery is transferred, accountability remains firmly within the

hands of the client organisation. As argued by ITGI (2005a), transparency and owner-

ship of the decision-making process must reside within the purview of the client. Fol-

lowing this logic, the responsibility of the client organization (towards its end-users) is

to ensure that the risks are managed, and there is continuous delivery of value by the

service provider to the end users, although the value delivery itself is outsourced.

In the history of outsourcing, within the period that is considered as the first generation

outsourcing arrangements, practiced in the early 1990s, the relationships which existed

then allowed for typical profit margins of around 20% (Burtonshaw and Salameh 2010:

106) Many of these first generation arrangements focused heavily on the removal of a

problem for a customer (as shown in Figure 13 below) and were grounded in the provi-

sion of safe and fairly low-risk quality solutions.

Figure 13. Expectations from partnering (Burtonshaw and Salameh 2010: 105).

Page 40: Operational Level IT Governance Model - Theseus

38

As seen from Figure 13, in contrast to the removal of the problem in the first generation

arrangements, the second generation outsourcing was centred on cost-driven solu-

tions. The outsourcing arrangements were heavily weighted towards cost reduction, so

that they were characterized by more significant margins, and a resulting new ap-

proach based on the emergence of collaboration among suppliers. As the market for

outsourced services has matured, so did the requirements to seek more innovative

operational philosophies. In the late 90s, this search led to adopting partnering as the

key for corporate strategy in pursuit to increase profitability and additional shareholder

value (Burtonshaw and Salameh 2010: 100).

Following this change, a new, third generation outsourcing framework was developed

to support a partnership approach. The third generation outsourcing is reliant on cus-

tomer and suppliers working in partnership, with the relationship being predicated on

adding value and demonstrating it through various transparent performance metrics,

SLAs, stakeholder perceptions and user community satisfaction. This change is best

evidenced by the paradigm shift from value-in-exchange to value co-creation (Burton-

shaw and Salameh 2010: 100-102). This shift can be exemplified and recognised by

the citation from the second generation outsourcing times already “Whatever the dura-

tion and objectives of the business alliances, being a good partner has become a key

corporate asset” by Kanter (1994 : 186).

To sum up, modern governance processes articulated in the outsourcing contract can

be seen as a set of jointly agreed responsibilities, roles, objectives, interfaces and con-

trols intended to anticipate change and manage the introduction, maintenance, per-

formance, costs and control of the services provided by the third-party which can be

strengthen with partnership principle. Taken together, roles and responsibilities, per-

formance management, interaction space and contracts visible in any governance

models, create a minimum set of tools and components for IT governance.

The subsequent section applies this logic, derived from the literate review, to the

analysis the case company IT governance practices and, based on that, suggests an IT

governance model for the case company in Section 6.

Page 41: Operational Level IT Governance Model - Theseus

39

4 Current Case Company Practices

This section examines the current IT governance in the case company based on the

logic derived from the analysis of best practice in the previous section. It analyses the

current IT governance practices through SD logic and value co-creation, including

SLM, IT services and service ecosystem.

4.1 Service Dominant Logic and Value Co-Creation in the Case Company: Overview

The current case company IT governance is based on value-in-exchange paradigm

and services are thought as goods that packed and to be provided based on agreed

level or amount only.

The case company previous outsourcing contracts and relationships were based on

value-in-exchange logic. The services were considered as products or goods that have

price tag and any additional complimentary service was chargeable if demanded, even

if it was for improving the company own unacceptable level of service provision. This

situation, however, was recognised by the case company senior management (See

Appendix 1-2), and corrective decisions were made and applied within the new out-

sourcing contract. The new contract is developed in such a way that any vendor or

supplier, which has committed to collaboratively developed KPIs and / or cooperation

handbook, is considered as a partner in an ecosystem. This new partner has automati-

cally a seat and voting rights in the governance round table with its role and responsi-

bilities.

In addition to the contract, a cooperation handbook is developed based on SD logic

where partners are described as committed to sharing resources and competences to

secure health and wealth of the new service ecosystem. SD logic is a new way of work-

ing applied within the new outsourcing contract. Previously, all vendors or suppliers

were treated individually and separately, with dedicated contracts based on value-in-

exchange mindset and there was no link or commitment between them. That is why the

initial, previous ecosystem was weak, unhealthy and inefficient. This ecosystem was

capable of neither generating nor expected cost savings, nor efficient or innovative IT

service provision that caused negative stakeholder perception in the case company, as

comes out in Discussions (See Appendices1-2).

Page 42: Operational Level IT Governance Model - Theseus

40

Therefore, the need for a shift in paradigm from value-in-exchange to value co-creation

was raised in the case company by senior management (See Appendix 2). High cost

for service provision, especially compared to the money spent on innovation and im-

plementation, was not at an acceptable level. This was the result of value-in-exchange

mindset as services were seen as goods, and the KPIs were set for securing service

provision at a minimum acceptable level.

As soon as value co-creation in an ecosystem was established as the logic of the com-

pany and reinforced with the newly created cooperation handbook and signed contract,

there arose a new need for the efficient operational level for IT governance to make

this vision a reality. The realization of efficient operational level for IT governance, in its

turn, called for: a) defining roles and responsibilities by granting seats for partners, b)

enabling adequate level of interactions space, e.g. in the form of community pages, for

transparency and interactions; and c) the new level of performance management to

follow up on the progress and development in IT governance model (which are in-

cluded in scope of this Thesis).

4.1.1 IT Services and IT Service Ecosystem in the Case Company

As defined in ITIL, IT service is a means of delivering value to customers by facilitating

the outcomes that customers want to achieve without the ownership of specific cost

and risks (ITIL 2013). This argument explains the reasons behind the existing company

IT organisation (NSN IT) established specially to facilitate service provision. Currently,

case company IT services consist of platforms and applications collected into Business

Services (BSs) for supporting specific business process areas. This arrangement within

the case company enables efficiency by letting other business units focus on their own

core activities.

Currently, IT services supporting the same business processes and capabilities are

gathered under one BS, or services cluster. BSs and capability clusters are shown in

Figure 14.

Page 43: Operational Level IT Governance Model - Theseus

41

Figure 14. Business Services and Capability Clusters of the case company (NSN IT

2013).

As seen from Figure 14, solution areas that refer to capability clusters are supported by

several BSs. Currently, the case company has 32 BSs and more than 1120 IT services

belonging to those BSs. Each BS consists of up to 30 IT Services. The IT services in-

clude applications, platforms and tools for supporting day-to-day work in the case com-

pany business organisations. This study focuses on R&D Product and Program Man-

Page 44: Operational Level IT Governance Model - Theseus

42

agement Business Service in Product and SW Development Capabilities Cluster be-

cause the researcher is responsible for it as Service Owner.

As seen from Figure 15, whole IT service ecosystem in the case company is symbol-

ised with a triangle where from different vendor roles and responsibilities are visible.

Figure 15. The case company IT service ecosystem (NSN IT 2013).

Figure 15 illustrates involvement of selected vendors and suppliers, from the IT service

provision perspective, into the case company as a new services ecosystem (based on

the new outsourcing agreement enforced from May 2013). As stated in Section 1, the

retained part of IT after outsourcing is illustrated with a triangle in grey colour, and the

proposed governance model is directed to it.

Service Integrator (SI) is the role which refers to the orchestration of service provision,

is outsourced to one company as an end-to-end ITSM layer. SI will secure quality of

the service operations based on the ITIL best practices with Application Development

and Maintenance (ADM) vendors. ADM vendors, illustrated as R&D and non-R&D, are

selected in the same time with SI vendor, within the same outsourcing contract which is

based on extensive partnership. These vendors are committed to share the same KPIs

even they are responsible for different IT services, which are linked to each other from

Page 45: Operational Level IT Governance Model - Theseus

43

stakeholder satisfaction perspective. The suppliers illustrated as Infrastructure and

“Other 3rd party suppliers” are supportive functions for these vendors. The Retained IT,

User community, Vendors and suppliers are actors of the service ecosystem of the

case company.

Vendors and suppliers are currently connected with the IT unit through several out-

sourcing contracts that are not linked to each other at all, which prevents end-to-end

(E2E) ITSM. This is corrected within the newest contract that is based on extensive

partnership principles and commonly agreed KPIs as described in the next sub-section.

ITSM activities are crucial from the value co-creation perspective because they repre-

sent the first encounter with the case company IT services through which the relation-

ship with the end-user community is built.

Overall, ITSM performance and development is currently monitored, measured and

followed through the SLM processes which are described in the next subsection.

4.1.2 Service Level Management in the Case Company

In the case company, SLM was applied based on value-in-exchange mindset based on

the traditional KPIs. These KPIs were only enough to secure to get for both the case

company and suppliers what has been paid or promised to deliver.

These 4 KPIs in SLAs were: 1) Service availability (SA), 2) Service performance (SP),

3) On time ticket delivery (OTD), 4) First pass resolution (FPR) for tickets. These were

defined in SLAs that are assigned between the case company IT and Business organi-

sations, in addition to external vendors and suppliers, in order to secure adequate level

of service provision. Even so, what was committed to business was not aligned in SLAs

agreed with the others. This was causing confusion in the service provision phase be-

cause it was not aligned E2E.

These traditional KPIs were improved in the case company by upgrading the existing

SLAs and re-defining KPIs to secure E2E applicability within new contract. For doing

so, there is only one SLA exist with E2E KPIs and PIs, which are collaboratively devel-

oped between Business, IT and Vendors in the ecosystem. The performance of the

each BS is measured against enhanced KPIs that are defined in the new contract be-

tween the case company and its vendors as seen in Figure 16.

Page 46: Operational Level IT Governance Model - Theseus

44

Figure 16. Enhanced traditional KPIs are in contract (NSN IT 2013).

Figure 16 illustrates the enhanced traditional KPIs that will be effective in the case

company in May 2013 and aimed to ensure quality, efficiency, smoothness and satis-

faction with the IT Service provision. This is briefly indicated in the categories (quality,

timeliness and satisfaction) which reflect how service provision is perceived by user, no

matter who provides it.

In addition to these traditional metrics, in the new contract some new commonly shared

KPIs are specially introduced for enabling value co-creation even further. These new

commonly shared KPIs are listed in Figure 17.

Figure 17. New commonly Shared KPIs (NSN IT).

Page 47: Operational Level IT Governance Model - Theseus

45

As shown in Figure 17, these additional commonly shared KPIs are introduced to add

financial perspective and emphasises stakeholder satisfaction in SLAs. These new

KPIs are supposed to be used as “stick and carrot” and can be called as strong incen-

tives for the supplier to walk the extra mile. This new set of metrics is meant for meas-

uring and supporting a “partnership” mindset, where the suppliers can take responsibil-

ity and ownership to enable value co-creation with the case company. Briefly, all incen-

tives in the ecosystem are based on these KPIs to follow positive or negative develop-

ment.

Further improvements to the current set of case company metrics are suggested as

part of the proposed IT Governance model (in Section 6) performance management

feature. They are intended to ensure appreciable, adequate and even above-the-

committed level of SLM performance in the ecosystem.

4.1.3 Service Innovation in the Case Company

Lately, there are very few innovative solutions introduced in the case company due to

financial restrictions, re-structuring activities and legacy of value-in-exchange mindset

of the existing contracts with current vendors and suppliers. Within this logic, imple-

mentation of any innovative solution meant additional costs, which had most likely un-

planned financial impact and, in most cases, were rejected with the reasoning above.

As IT service provisioning was already financially supported with 2/3 of the overall IT

budget, the remaining amount was not enough for developing innovative solutions or

improving existing services to respond stakeholder needs, as seen in Discussions

(Appendix 1-2). Aim, therefore, was to fix this situation with the newly introduced

commercial model, implemented through the proposed model (described in Section 6).

4.1.4 Value Creation and Value Creators in the Case Company

Figure 18 illustrates the value proposal by the case company IT Unit for R&D (the unit

of this study) to own user community and aligned with business strategy.

Page 48: Operational Level IT Governance Model - Theseus

46

Figure 18. The case company IT for R&D Unit value proposal (NSN IT).

As seen from Figure 18, the proposed value is not only the monetary value anymore,

as usually understood for IT cost saving. The new value proposal is based on a prom-

ise of smooth, efficient, simply working solutions to achieve efficiency and productivity

in business day-to-day work. This should enable significant cost savings and benefits

such as competitive advantage and less man/work days spent for specific work. The

hope is that, once this value proposal is applied successfully by IT to R&D Unit, then

user community will co-create value by investing and involving more in IT Service pro-

vision. This also means vendors and suppliers who are involved in IT service provision

will also co-create value, in closer cooperation with the case company.

Presently, however, the existing IT governance model is located in the supplier sphere.

This location is illustrated in Figure 19.

Page 49: Operational Level IT Governance Model - Theseus

47

Figure 19. The case company value network, ecosystem and interaction.

As illustrated in Figure 19, the Operative level IT Governance Model is currently lo-

cated in the vendors and suppliers sphere. In this study, however, this location is

viewed as belonging to the previous generation of outsourcing. As an alternative, the

value proposal representing the third generation of outsourcing would require a closer

location to the user community, backed up with direct interactions with the users. This

alternative vision will be given in Figure 34 (Section 6.1).

Here, Figure 19 illustrates the current value network, ecosystem and interactions where

the operational level IT governance is placed out of the joint sphere, as is the situation

at present. This value network and ecosystem is described as a result of discussions

(See Appendix 1) and analysis of the company internal documentation. According to

these descriptions, the current IT governance model consists of three spheres: first, the

user community where IT services utilised, or the User Sphere; this is the sphere

where value is created in use and the user perception emerges. The second sphere is

the vendors and suppliers sphere; and the third sphere is the Joint Sphere. This is the

sphere where value co-creation is enabled and stakeholder perception is captured.

Page 50: Operational Level IT Governance Model - Theseus

48

Currently, as illustrated in Figure 19, the operative level IT Governance Model is lo-

cated in the vendors and suppliers sphere. This study challenges it as wrong and sug-

gests corrections with model proposed later this study (Section 6.1). But presently, this

is how the ecosystem and partnering are seen in the case company, and they reflect

the second generation of outsourcing relationships.

4.1.5 Service Ecosystems and Partnering in the Case Company

As stated earlier in this section, up to the present, the case company service ecosys-

tem was limited due to the predominance of value-in-exchange mindset, with SLA KPIs

orientation to securing some level of IT service provision. In the company and vendor

discussions, for example, in a forum called multi-supplier forum where issues dis-

cussed between suppliers, they tried to create value thought changing the paradigm,

just by trying to solving these issues collaboratively. However, most of the discussions

were ending up with dead-end, non-answered questions such as: “Who will pay for it?

Whose responsibility it is?” and issues were remaining on the table, which were caus-

ing considerable user dissatisfaction.

The need for paradigm shift into value co-creation and re-building service ecosystem

based on partnering principles, was recognized by senior management in the com-

pany (See Discussion 1-2). As the outcome, a newly introduced ecosystem was built

on different levels of partnering philosophy as seen from Figure 20.

Page 51: Operational Level IT Governance Model - Theseus

49

Figure 20. Newly built service ecosystem in the case company (NSN IT 2013).

As illustrated by Figure 20, in the newly built service ecosystem the membership levels

are based on the commitments made. In the new model, there are four levels of the

membership in the company new services ecosystem. The first one is called Gold

level, where the member commits to the collaboratively developed E2E KPIs and co-

operation agreement. These members are the ones who are selected within the latest

outsourcing partnering contract. The second one is Silver level, where members are

committed to commonly shared KPIs (introduced in the previous sub-section, SLM,

Section 4.1.2) in addition to cooperation agreement. There is no member on the Silver

level yet, and negotiations are ongoing to choose the candidates. The third one is

Bronze level membership where members commit to cooperation agreement only. The

fourth one is a non-membership level, referring to the suppliers who are working with

the service ecosystem indirectly and are not expected to be partners.

However, Figure 20 illustrates only that part of the service ecosystem which is built for

vendors and suppliers. There are also some significant members currently missing, if

the model were to illustrate the co-creation paradigm. These missing members are the

user communities and the stakeholders seen naturally as Gold members of the service

ecosystem, for whom it eventually exists.

Page 52: Operational Level IT Governance Model - Theseus

50

To further improve this existing vision, this Thesis focuses on partners on the Gold and

Silver level membership, proposing to provide them with seats, voting rights, and inter-

action space in the operational level IT governance model, and most importantly, with

granting them extensive roles and responsibilities (see the Proposal in Section 6.1).

To sum up, the company experiences from the past, coupled with the analysis of the

trends in other companies and theory of service ecosystem, as well as the company

internal vision (visible from the first and second rounds of company discussions, see

Appendixes 1-3) call for re-building the existing ecosystem based on SD logic, and

upgrading it with the value co-creation principles. These principles, representing the

modern vision and developments with value being co-created, in the area of IT ser-

vices, are implemented through delivering smooth, efficient, on-time and cost friendly

IT services. The current vision of ecosystem and partnering in the case company, can

thus be further advanced to meet the third generation outsourcing approach.

Next section analyses the current case company IT governance practices to find out

the capability to drive this newly built ecosystem for success in strategy execution.

4.2 IT Governance in the Case Company

Currently, the existing practices for IT governance are built around COBIT and ITIL

principles and processes. However, if viewed from the point of view of the roles and

responsibilities, interaction space and performance management mechanisms, dis-

cussed and identified as key elements for IT governance in Section 3, certain signifi-

cant features are missing in the existing IT governance model. This discrepancy is

stressed to increase awareness of the gaps in the existing model and to further ad-

vance it with a corrected IT governance proposal.

4.2.1 Current IT Governance Model in the Case Company

Presently, the case company refers to COBIT and ITIL as best practice for guiding its

ITSM and IT governance processes at the operational level. The COBIT framework

applied in the company IT governance processes is shown in Figure 21.

Page 53: Operational Level IT Governance Model - Theseus

51

Figure 21. The case company IT governance processes alignment with COBIT (NSN IT 2013).

Page 54: Operational Level IT Governance Model - Theseus

52

As seen from Figure 21, the COBIT framework is applied to the case company Enter-

prise IT governance processes. Performance Management, Enterprise Architecture

Management and Stakeholder Relationship Management processes are the most rec-

ognised among them, with COBIT applied to them in the case company currently. As

should be in the integrated enterprise governance processes, these are aligned with

the company IT and business units though direct involvement. This alignment secures

deliverables and outputs of the processes and makes sense to business and, vise

versa, to IT. That is why these three processes above are taken into the scope of the

proposed governance model too.

As seen from Figure 21, there are also COBIT processes for management of enterprise

IT such as Manage Availability & Capacity and Manage Changes. However, ITIL v3

best practice and processes are also referenced and utilised in the case company,

such as Service Operations, Service Design, Service Transition and Service Strategy

process clusters. These ITIL v3 ITSM process clusters are also taken into the scope of

the proposed governance model in order to secure QoS and adequate level service

provisions which are crucial for value co-creation.

Following the COBIT and ITIL best practices, different process areas are placed under

special focus in the case company existing IT governance model. They are visualised

in the goals cascade, as seen from Figure 22.

Figure 22. IT governance processes (focused areas) in the case company (NSN IT

2013).

Page 55: Operational Level IT Governance Model - Theseus

53

Figure 22 illustrates the overall IT governance processes and focus areas in the case

company which are developed based on COBIT and ITIL v3 IT governance and man-

agement processes. The processes coloured with purple belong to the scope of tacti-

cal and strategic governance models called Capability Cluster Steering Team (CCST)

and Corporate Development Steering Team (CDST). The ITIL v3 processes (coloured

in grey) are within the scope of the existing Operational level IT governance model,

Business Service Steering Team (BSST). Currently, BSST’s role and responsibility is

limited to leading BS performance, development and optimization. This study argues

that this limitation should be extended into the area of some tactical and strategic gov-

ernance processes and moved under the responsibility of the proposed model. This is

needed for increasing the mandate of BSST to secure value co-creation by monitoring

performance of the ecosystem at the operational level IT service provision. This need is

based on the discussions in the case company (See Appendix 2-3) which evidence for

importance and need for managing some of other governance processes by BSST to

secure and enable value co-creation. The extended responsibilities could include such

areas as Manage Stakeholder Issue and Manage Demand processes.

Figure 23 illustrates the focus areas in the planned governance view in place of for the

existing case company IT governance.

Figure 23. Planned governance view and focus areas (NSN IT 2013).

Page 56: Operational Level IT Governance Model - Theseus

54

As seen from Figure 23, BSST is located in Create and Operate gear (in the gray zone)

where relevant processes are managed. To ensure value co-creation at the lowest op-

erational level, which is BSs (as shown in Figure 14 earlier), with up to 30 IT services to

the dedicated business processes, there is a need for expanding the current roles and

responsibilities of BSST. This refers increasing the mandate of BSST with adding some

tactical and strategic processes into the scope of the proposed BSST in this study. Cur-

rently, through IT service provision, BSST and its user community are coming into di-

rect interactions. These interactions as source of innovations can be further empow-

ered from the value co-creation perspective. It can be done by mandating BSST to do

more than just leading service provision performance or optimisations only. It means

increasing responsibilities and relevant roles in BSST.

Figure 24 illustrates the existing strategic (CDST), tactical (CCST) and operational

(BSST) level steering teams and their scopes in the case company as MoO.

Figure 24. Steering teams and their scopes in the case company (NSN IT 2013).

As seen from Figure 24, this study focuses on the lowest entity circled with red colour

in the new MoO, by re-designing the operational level IT governance model. This The-

sis argues that strategy that is creating a healthy service ecosystem based on exten-

sive partnership can be executed successfully at the operational level, with the em-

powered BSST, and proposes hoe to do that.

Page 57: Operational Level IT Governance Model - Theseus

55

Figure 25 illustrates some of the existing and planned steering teams in the newly cre-

ate ecosystem (effective of May 2013) and relationships between BSST to other steer-

ing teams as joint governance.

Figure 25. BSST and other steering teams as integrated governance (NSN IT 2013).

As seen from Figure 25, the current BSST interfaces and interactions are quite limited

to other steering teams, which can be seen as an area for improvement. As an exam-

ple, currently there is no link between cross-vendor performance management steering

team and BSST. This situation raises concern how well BS performance can be moni-

tored, if BSST involvement is limited for having visibility to E2E performance manage-

ment in service ecosystem. Another concern with the existing governance model is

how specifically BSST can analyse impact to the whole service ecosystem, when BS

fails to deliver a minimum adequate level of KPIs. For responding to these concerns,

this Thesis argues that strong linkage is needed between BSST and other relevant

steering teams through, at least, performance management processes and interaction

spaces.

Figure 26 illustrates the purpose, participants, schedule, decisions and approvals of the

existing BSST in the case company.

Page 58: Operational Level IT Governance Model - Theseus

56

Figure 26. The case company BSST facilities (NSN IT 2013).

As seen from Figure 26, currently BSST is limited with its roles and responsibilities to

execution and monitoring service provisions only. As stated earlier, this study argues

against this limitation as it raises importance of the BSST lowest operational steering

team, where strategy can be executed efficiently. That is why BSST need to be

strengthened with additional roles, responsibilities for executing relevant governance

processes to achieve goals. Next section describes the current roles and responsibili-

ties in the BSST further on.

4.2.2 Current Roles and Responsibilities in IT Governance of the Case Company

The case company has recently defined new roles to fulfil expectations for leaner IT in

the new MoO. The ones which are planned to be included in the current BSST are in-

troduced in Figure 27.

Page 59: Operational Level IT Governance Model - Theseus

57

Figure 27. Members of the current BSST in the Case Company (NSN IT 2013).

Figure 27 introduces roles and their detailed responsibilities as of the current situation

in the case company. These three roles, BS Owner, Service Owner (IT) and Stake-

holder Manager, are the key roles in the existing BSST with vendor representatives.

These roles have enough mandate and responsibilities to lead BSs operational per-

formance and optimise it. However, these roles and responsibilities are not enough to

facilitate and enable value co-creation, as it is not reflected in the current BSST, as

noticed in the initial Discussions (Appendix 1).The limitation of the purpose of the cur-

rent BSST caused also limitation to the roles and responsibilities. It means that these

roles will not be sufficient to enable value co-creation, and this study argues that other

participants are needed. There are many other important roles defined in the case

company for executing strategy with relevant governance processes, located into dif-

Business Service Owner • Provides business perspective to the Bus. Service Roadmap and is accountable for the business side execution.

Defines and aligns business requirements and expectations for this service, agrees on KPIs and SLA • Aligns different user groups and stakeholders on business side, Acts as an coordination and communication point

for this business service. Approves changes for a business service • Acts as an escalation point for Service Performance Problems. Monitors the performance and takes corrective ac-

tions (from a business perspective) Participates on a regular level to BSST

Service Owner • Is accountable for the service delivery, operational and financial performance, and usability towards the business

for his/her business service(s) and their KPIs (availability, performance, end user satisfaction) • Is accountable for and steers the implementation of the agreed / approved business services changes, which are

resulting from the capability roadmap items, the related programs and projects • Is accountable that there is a good and deep collaboration for his/her business service between NSN IT and the

respective IT vendors • Has the entrepreneurial responsibility for his/her business service. Maintains the business service specification

(e.g. SLA) in the business service catalogue. Is accountable for standard changes and emergency changes. Is ac-countable for the life cycle and the development / evolution of his/her BS

Stakeholder Manager • The single point of accountability on the IT interface towards other NSN units. Has within IT the entrepreneurial re-

sponsibility for Stakeholder Units and specific Business Functions on behalf of the business stakeholders and end users

• Is accountable for ensuring that NSN derives value from its IT investment in terms of Performance, Availability, End User Support, Problem Management and Capability Development

• Drives proactive needs analysis, ensuring that business requirements are aligned with the business strategy, busi-ness execution plans and capabilities. Manages the translation and prioritization of business requirements into IT demands and capabilities

• Manages business change requests Maintains a keen awareness of IT capability evolution outside of NSN that could help their stakeholder function improve their performance

• Acts where applicable as regional face of IT towards stakeholders and end users within a region

Page 60: Operational Level IT Governance Model - Theseus

58

ferent organisations in IT. If these roles cannot get seat to BSST, there will not be any

direct linkage between operational levels to tactical or strategic levels. Even the infor-

mation delivered to those levels from operational levels in reports, for observing it cor-

rectly, requires living, communicating, arguing and discussing with/from the real source

within BSST. This situation will likely cause loosing of the crucial information and visibil-

ity, which will become visible through wrong decisions or delays in execution, as no-

ticed earlier in the case company (See Appendix 1-2). Following this, a healthy service

ecosystem based on extensive partnership philosophy will remain in texts and slogans,

and will not be applied in real life, which is crucial from the reputation perspective. All

relevant expectations such as value co-creation and introducing innovative solutions,

while saving IT cost, will not be possible either.

4.2.3 Performance Management in the Case Company

Currently, transparency of the level of IT service provision is followed by the use of IT

BSC based on the existing SLAs with incumbent vendors. This is the most important

mechanism to answer question how adequately the provided service level is, and

whether it complies with the existing SLAs. However, even though the current IT BSC

provides information about what has been delivered and how much it costs, there is not

any visibility about how it has been delivered. It is because there is not much transpar-

ency or discussions around it. If KPIs meet with the agreement, then they are coloured

in green in reports, and there are no discussions what else could be done in addition to

providing e.g. support, as only this was paid for. This is a natural outcome of the cur-

rent value-in-exchange mindset which needs to be changed.

This situation was recognized by IT senior management because business organisa-

tions’ stakeholder managers and user communities have started demanding more than

just service provision in the case company. This message was received well and fol-

lowing it a planned IT BSC for the new contract agreement was introduced (effective of

May 2013) to follow up on performance and development from how? perspective in

addition to what? Figure 28 shows a planned IT BSC for the new contract agreement.

Page 61: Operational Level IT Governance Model - Theseus

59

Figure 28. IT BSC introduced with new outsourcing contract (NSN IT 2013).

Page 62: Operational Level IT Governance Model - Theseus

60

As seen from Figure 28, traditional KPIs are enhanced so that they can be followed up

E2E for ensuring performance management from the user perception perspective, no

matter which vendors and suppliers are behind the service provision. These traditional

KPIs are additionally empowered with common KPIs which are crucial from the value

co-creation perspective. However, even if the overall IT BSC is improved recognisably,

the current BSST responsibility is limited in monitoring E2E to only traditional KPIs.

This means the common KPIs Build vs. Cost Ratio and Stakeholder Satisfaction are

kept out from the BSST scope, which is crucial from the value co-creation perspective.

This study argues that these two common KPIs above need to be added to the scope

of BS performance management responsibility. By doing it, development will be re-

corded and followed at BSST level, and necessary corrective actions will be taken on

time. As an example, if stakeholder satisfaction for a BS is poor, then it is easier to

identify the root causes by BSST monitoring monthly rather than waiting for the annual

report and asking why then, which is too late. Additionally, the extended responsibility

will secure and enable value co-creation by addressing the visibility concerns such as

what, by whom, how, why something has been done, and if it fulfils the expectations in

the service ecosystem in cases such as whom to reward and/or whom to ask for taking

corrective actions.

4.2.4 Interaction Spaces in the Case Company

Currently, since the BS approach is new, community pages as interaction spaces are

not yet created in the case company. However, each IT Service that belongs to BS has

its own community pages, where from vital information such as guidance, support, con-

tact details, etc. are shared and service requests are raised.

To address this need, there is plan to create tactical and strategic level interactions

spaces as community pages. An example of CDST community page can be seen from

Figure 29.

Page 63: Operational Level IT Governance Model - Theseus

61

Figure 29. Planned CDST community page in the case company (NSN IT 2013).

As seen from Figure 29, the aim for the planned CDST community page is to develop

tactical and strategic level interaction space and feed it with information received from

BSST. As this information will briefly overview development, status, progress and deci-

sions at strategic or tactical levels, visibility to specific BSST level information will re-

main in the dark. This study argues for importance of efficient, both ways oriented

community interactions for BSs at the operational level and suggest developing such

BSST community pages that will be linked to other community pages. BSST commu-

nity pages will enable interaction between own stakeholders, end user community, and

vendors who can reach to interesting and relevant information easier.

4.2.5 Outsourcing and Commercial Contract Signed by the Case Company

Currently, effective outsourcing contracts in the case company are based on the value-

in-exchange paradigm which will be shifted to value co-creation with SD logic with the

lately signed new extensive partnership agreement based the new outsourcing contract

(effective of May 2013). The proposed operational level IT governance model (BSST)

Page 64: Operational Level IT Governance Model - Theseus

62

will drive execution of the strategy aimed at implementing the new contract; therefore,

this section describes some contract related information.

In the case company, the newly formulated NSN IT strategy described at Section 1

means the increased role of outsourcing implemented in two waves. The first wave was

carried out in 2010, with outsourcing the IT service operations, namely the day-to-day

IT administration and IT maintenance tasks and activities. This was grounded in the

provision of safe, fairly low-risk quality solutions and cost saving. Following the first

wave, the second wave is planned to continue with the 2nd generation outsourcing for

the remaining 60-70% IT employees, with IT services going to the external service pro-

viders, Atos and Wipro. This plan is heavily reliant on customer and supplier working in

partnership, with the relationship being predicated on adding value and enabling value

co-creation.

The outsourced functions will comprise the internal IT service management activities

and replace the first wave of service operations activities executed by the earlier se-

lected service providers. This means that the case company selected partners, ATOS

and Wipro, will be responsible for efficient end-to-end service provision. The outsourc-

ing contractual agreement to start the second wave was signed in December 2012, and

the service commencement date is appointed on 1st May 2013, when the new vendors

will take responsibility for Quality of Service (QoS) provision as true partner.

Following this agreement and introduction of new MoO, the new IT organisation and its

partners are planned to focus, first, on establishing intensive partnerships based on

Service Dominant (SD) logic, where selected service providers would support NSN

user community and mutually co-create value in a newly introduced ecosystem. Sec-

ondly, they will focus on stakeholder management, strategy development and align-

ment towards NSN business. Thirdly, they will focus on developing innovations for en-

hancing service portfolio, architecture management, and improving performance man-

agement of business services, projects, processes together.

It is also noticed that the first wave of outsourcing, which was based on the classical

value-in-exchange principle, did not generate the expected savings or initiated innova-

tive solutions. However, service provision was fairly successful because it was paid

based on a fixed fee and KPIs stipulated in the contract which assured the minimum

expected level was achieved. Importantly, there were no performance indicators for

Page 65: Operational Level IT Governance Model - Theseus

63

measuring or monitoring continuous improvement; in other words, mutual value co-

creation through innovations was never measured. As a result, innovative solutions

were not introduced because they were not in the scope of the outsourcing contract or,

even tried by some, were not supported by the ecosystem (for different reasons such

as missing financial support). The new contract aims to ensure continues improvement

at the service provision stage and introducing more innovative solutions since the fi-

nancial part was secured with reinvesting extra savings. Figure 30 illustrates the com-

monly used KPI in the current contract.

Figure 30. Commonly shared KPI, Build and Run ratio (NSN IT 2013).

As illustrated in Figure 30, currently about 2/3 of the NSN IT investments are utilised for

service provision, which leaves little room for developing innovative and efficient solu-

tions for the NSN business. For changing this situation and generating more innova-

tion, a new type of contract will allow vendors to reduce service provision and run-

related costs (such as hardware and software licenses), and utilise these resources for

introducing innovative solutions. These costs will be labelled the build-related costs, as

illustrated in Figure 30, as one of the commonly shared KPI to be followed. The aim is

to improve stakeholders’ satisfaction and, in the same time, to introduce other com-

monly shared KPIs to be followed. These KPIs are crucial deliverable, from the value

co-creation perspective.

Page 66: Operational Level IT Governance Model - Theseus

64

This study argues strongly that the strategy set with this new contract should be exe-

cuted at the operational level with granting enough level mandates to BSST for achiev-

ing these targets and goals successfully.

4.3 Suggested Approach to IT Governance for the Case Company

The analysis of the case company current practices (discussed earlier in Section 4)

was based on the results of the examination of best practice available in business lit-

erature (discussed in Section 3). Both support the following approach to the develop-

ment of the case company operational level IT Governance model.

This approach points to the three main features need to be reflected in the new model,

as shown in Figure 31.

Figure 31. The conceptual framework for new Operational Level IT Governance Model

development.

Page 67: Operational Level IT Governance Model - Theseus

65

As seen from Figure 31, as the characteristic of the modern business practice, and also

emphasized by the case company in its business activities, these features are roles

and responsibilities, performance management, and interactions spaces with the com-

munity. Improving these features will strengthen the proposed IT Governance model by

granting it more mandates to execute strategy efficiently, compared to the current

company practices. This improvement will happen by introducing additional govern-

ance processes to be executed and monitored into the scope of the proposed model.

For being capable to execute these governance processes, first of all, new or extended

roles and responsibilities will be added into proposed model. Secondly, efficient per-

formance management will be included in the model needed to monitor, measure and

report on the outcomes of the processes. Third, community pages as interaction

spaces will be used for capturing innovations, reporting on the development and ena-

bling transparency to benefit the user community and stakeholders. Briefly, based on

the current state analysis, these features are confirmed as essential for efficient strat-

egy execution, following up this execution progress and communicating its outcomes to

relevant community, and which are seen as a gap in the current company practices.

To sum up, the suggested conceptual framework summarizes the approach to value

co-creation, performance measuring and strategic alignment in the modern best prac-

tice (Section 3) and is also grounded in the existing case company governance prac-

tices (Section 4). It also correlates with the main features stressed in other governance

models, as well as in the processes practiced by the case company. Therefore, this

approach is chosen for the development of the model for IT Governance in the next

section. The aim is to provide necessary power to the new BSST model for enabling

and securing value co-creation in the newly created ecosystem based on the recent

commercial model introduced in the case company.

This ambitious vision means applying the contract content into real life, and calls for a

new operational level IT Governance model which is introduced in the next section.

Page 68: Operational Level IT Governance Model - Theseus

66

5 Model Development

This section presents an overview of the development process of the proposed IT gov-

ernance model. The model was designed and analysed based on the conceptual

framework (introduced Sections 3 and 4); and the model development process was

built around meetings, interviews and discussions in the case company and with ven-

dors to investigate their vision as for Versions 1, 2 and 3 of the new operational level IT

Governance model. The model was called Business Service Steering Team (BSST).

5.1 Overview of the Model Development Process

The development process is presented according to the rounds of meeting and discus-

sions on versions 1-3 of the IT Governance model. The summary of the development

process is shown in Table 3.

Table 3. Development process of the proposed IT Governance model.

Stage Model development steps

Round 1

(Appendix 1)

Kick-off Meeting. Meeting and discussion with IT Unit Heads for understanding, identifying and verifying business problem, setting Thesis objective and reviewing the existing company IT Govern-ance practices for grounding the first version of the BSST.

Follow-up work. Creating framework, adjusting the company ex-isting practices for Version 1 based on the data collected from discussions and the available best practices.

Round 2

(Appendix 2)

Meetings. Meeting and discussions with IT Unit Heads and 3 ad-ditional individual meetings with experts to introduce, validate and verify Version 1 and collect the data for developing Version 2 based on these discussions.

Follow-up work. Version 2 is suggested based on the improve-ments for Version 1 and following the data analysis from discus-sions with respondents and the available best practices.

Round 3

(Appendix 3)

Meetings. Meeting and discussions with IT Unit Heads, 6 addi-tional individual meetings with experts and finally 4 interviews in a questionnaire mode with the proposed model members to vali-date and verify Version 2.

Input for final Version 3 is collected based on the improvements for Version 2 and the data analysis from the discussions with re-spondents and the available best practices.

Page 69: Operational Level IT Governance Model - Theseus

67

This multistage development process started from the overview of the existing BSST

practices in the case company and resulted in the development of the proposed new

model. The stages of the development process are summarized in corresponding ap-

pendices. The overview of the development stages are presented below.

5.2 Existing BSST Practices in the Case Company

The starting point for the proposed IG governance model development was discussed

in Section 4. It was stressed that the current IT governance model needs to be

changed. It was described that the new proposed operational level IT Governance

model (BSST) is introduced within the new MoO in the case company. It was also

stressed that BSST is not planned to own IT governance processes but to enable and

secure value co-creation in the newly created service ecosystem, based on the new

commercial contract.

As a starting point, in the existing BSST model, the processes are limited to ITIL v3

based ITSM processes for IT service provisions only. This means that the existing

BSST is built of the processes supportive to other tactical and strategic governance

processes. It is intended for empowering strategy execution, from the service provision

perspective, within the agreed SLA KPIs in contract to secure only the agreed, ade-

quate level of IT service provision. As discussed in Section 4, for enabling value co-

creation and paradigm shift to SD logic, there should also be other commonly shared

KPIs introduced. These common KPIs are currently out of scope from the BS perform-

ance management process and from the current BSST overall responsibility.

To sum up, currently, the purpose of the BSST and BSST processes is limited to secur-

ing only adequate level service provision with newly selected vendors in the ecosys-

tem.

5.3 Improving BSST Practices in Version 1 of the Model

During the discussions in Round 1 (Appendix 1), respondents highlighted the key suc-

cess factors for the new proposed BSST model, and recommended what need to be

analysed and implemented. They stressed that the current roles and basic level of re-

Page 70: Operational Level IT Governance Model - Theseus

68

sponsibilities in the existing BSST are aimed at monitoring day-to-day service provision

performance only.

In Round 1, they came to the conclusion that the existing BSST was not planned to be

part of the joint (company + users + vendors) governance in the ecosystem. The cur-

rent BSST purpose was to support other tactical and strategic governance processes

as ITSM management processes. Therefore, a new governance model could be placed

in a joint sphere in the ecosystem for enabling value co-creation by these key mem-

bers. Following these insights, the development on the new BSST started.

First of all, the current governance processes were reviewed and the necessary ones

suggested to be added into scope of BSST. Secondly, the currents roles and their re-

sponsibilities were defined for executing selected governance processes. These roles

were given seats in the BSST. Relevantly, responsibilities were improved and based on

the selected roles for being able to execute BSST governance processes. While doing

so, the researcher summarized the key concerns raised by the participants as for de-

veloping the efficient and applicable IT Governance model. These key points are pre-

sented in Table 4.

Table 4. Key questions to be answered for developing efficient IT Governance Model.

Topic Key questions

Service Ecosystem: Stakehol-

ders

Which are our stakeholder segments?

How do we maintain and continuously improve stake-

holder relationships?

What are the channels to communicate and deliver

value propositions?

Service Ecosystem: Value

Proposition

What value do we deliver to the stakeholder?

Which stakeholders’ problems we are solving?

What are the services created for the stakeholders?

What are we offering to our stakeholders?

Service Ecosystem: Key Part-

ners

What are the key suppliers and vendors?

IT Governance: Roles and

Responsibilities

What are the responsibilities and expectations?

Which IT governance processes need to be sup-

ported or utilised?

Page 71: Operational Level IT Governance Model - Theseus

69

What the key roles and their descriptions?

How many people needed in the steering team and

what is the structure?

IT Governance: Performance

Management

What are the key activities needed to produce the

deliverables?

Why performance management is needed?

What deliverables are need to be monitored, meas-

ured and followed?

Setting targets:

Which governance and management processes need

to be linked and taken in scope?

What are the key performance indicators to be intro-

duced for following up financial and strategic devel-

opment?

How to secure IT and Business strategy alignment all

the way?

What are the business expectations and how to cap-

ture them?

Following up:

What are the adequate level thresholds (for stick and

carrot) for monitoring and measuring performance?

Is it enough to utilise existing KPIs only?

Is there a need for additional KPIs?

How to monitor level of continues development

through service innovations?

What tools to be used for reporting and monitoring

development?

IT Governance: Interactions How should we collaborate in the service ecosystem?

What could be the main interfaces and collaboration

practices?

What tools or technology could be used?

What information needs to be exchanged internally

and externally?

What content should be shared for securing steering

team accountability?

Page 72: Operational Level IT Governance Model - Theseus

70

As seen from Table 4, there were many questions raised which needed to be answered

in the development of the conceptual framework for the model. As a result, the first

version of conceptual framework and the following Version 1 of the proposed model

focused only on people and process topics. Answers sought from these respondents’

requirements were set in the discussions in Round 1 (Appendix 1). Therefore, some

new governance processes (purple colour) were added in the scope of the proposed

model as illustrated in Figure 32 below.

Figure 32. Newly added governance processes in Version 1 of the model.

As seen from Figure 32, the newly added governance processes (highlighted in purple)

increase responsibility of the BSST and define the new roles to take seat in BSST as

members. The first process is Manage IT Assurance which will secure QoS by closely

following the development of the service provision to meet adequate levels. The sec-

ond process is the Manage Stakeholder Issue process which will ensure recovering

from interruptions in service provision efficiently and taking necessary actions to pre-

vent similar issues in the future. The third one is Manage Performance which will en-

sure that ecosystem members are delivering, as a minimum, the expected level of ser-

vice, in addition to following progress on the value co-creation in the ecosystem, based

on collaboratively defined KPIs in the contract. The fourth process is the Manage De-

mand process for ensuring that business and IT demands are captured, prioritised and

Page 73: Operational Level IT Governance Model - Theseus

71

implemented by the ecosystem members on time. The fifth one is the Manage Contin-

ual Improvement process which will secure capturing, analysing, prioritising and im-

plementation of innovation and encouraging inspirations and continual improvement in

IT services on the level of technological changes.

Table 5 summarizes the first version of the BSST model developed based on the re-

spondents’ feedback and requirements formulated in Round 1.

Table 5. The Version 1 of the BSST in the case company.

Schedule Every second week of the month, 3 hours

Purpose - Leading BS development, performance and optimisation based on KPIs - Capturing and implementing business demands

- Securing stakeholder perception - Ensuring value co-creation and equal wealth in ecosystem

Chair Business Service Owner – Business

Secretary IT Service Owner – IT

Partici-

pants/Roles

- IT BS Stakeholder Manager

- IT BS Business Analysts - IT Transition Manager

- IT Enterprise Release Manager - IT Transformation Manager

- IT Enterprise Architect - Service Integrator Vendor Representative

- ADM Vendor Representative

Agenda

Decisions &

Responsibili-

ties

BSST Meeting Agenda;

- Opening and business regards (Stakeholder Perception) ->Business Owners

- Action points follow-up ->All

- Ideas, demands, initiatives review and Go / Not Go decision making->All

- On air issues->All

- Service Level Management KPIs review and approval->Vendor

- Run financial development review and approvals->IT Service Owner

- Build financial development review and approvals-> IT Stakeholder Manager

- Projects’ status review and necessary approvals->IT Business Analysts

- Overall roadmap and portfolio review and alignment -> IT Enterprise Release Manag-

er

- Transformation initiatives review -> IT Transformation Manager

- Enterprise architecture alignment -> IT Enterprise Architect

- Service Integrator status reports and approvals->SI Vendor representative

- ADM Vendor deliverables status reports and approvals ->ADM Vendor

- Transition status review-> IT Transition Manager

- AOB.

Escalations, Proposals Capability Cluster Steering Team

Page 74: Operational Level IT Governance Model - Theseus

72

As seen from Table 5, in Round 1, the BSST purpose, roles and responsibilities were

defined following the respondents’ vision. As an example, for securing efficient De-

mand Management process, the Business Analyst role was given a seat in BSST.

Since there is link to other enterprise governance processes within the case company,

some roles were suggested a seat in BSST for enabling transparency as promised to

implement. For example, IT Enterprise Architect was given a seat to align BS architec-

tural decisions with the enterprise level Architecture Management process. BSST was

also invited to meet monthly for steering management and governance processes.

This Version 1 of BSST was developed in Round 1 and subsequently introduced to the

experts in Round 2, for further data collection and improvements suggestions.

5.4 Developing Version 2 of the BSST Model

Version 1 of the BSST was warmly welcomed by the case company experts and more

data was collected in Round 2 (Appendix 2) for further model development.

The case company’s experts highlighted importance of finding answers to other key

questions introduced based on the stakeholders and key partners meetings and the

value propositions perspective (introduced in Section 5.3, in Table 3). They argued

that, in addition to answers to concerns raised with Table 3, Version 1 of the model

could further be improved based on their feedback in Round 2. The respondents

pointed specially to the need for the interactions space (Appendix 2, Memo 2) suggest-

ing community pages for enabling transparency and visibility between BSST, user

community and stakeholders in the service ecosystem.

Based on data and requirements collected in Round 2, BSST community pages were

introduced into the model for communicating the value of IT and enabling transparency

to all stakeholders in the ecosystem. Figure 33 shows the community pages as interac-

tion space for the service ecosystem members.

Page 75: Operational Level IT Governance Model - Theseus

73

Figure 33. BSST community page as interaction space for the service ecosystem

members.

As seen from Figure 33, the proposed community page is planned to enable transpar-

ency for BSST decisions, outcomes of the governance and management processes,

such as monthly KPI development and approvals in ecosystem in real time, which was

one of the respondents’ key concerns. Additionally, the service ecosystem members

will have visibility to all BSST relevant documentation and reports, and will be capable

to follow all relevant governance processes outputs. This community page will also

allow the stakeholders and user community to interact with BSST for introducing de-

mands, innovations and improvement ideas. In other words, BSST community page will

be a dashboard where the level of service provision and value co-creation will become

transparent. Importantly, it was suggested that this visibility should be upgraded on a

monthly basis for a single BS, compared to the current six months period for reporting

at CCST level, which does not meet the stakeholder expectations.

Additionally, in Round 2, the BSST purpose and deliverables were further improved

based on further requirements received for roles and responsibilities (Appendix2,

Memo 2, 4, 5). Visitor seats were granted for the new supportive roles of IT Perform-

ance Assurance Manager, Business Stakeholder and Supplier Account Manager who

will join BSST meetings when required. These supportive roles are once again needed

Page 76: Operational Level IT Governance Model - Theseus

74

in BSST to enable linking, collaboration to/with other strategic and tactical governance

processes on demand. For example, it was suggested that Supplier Account Manager

might be a member of the Cross-Vendor Performance Assurance Steering Team and

whenever supplier specific issue is raised in BSST, then issue can be reviewed, han-

dled by Supplier Account Manager in both forum for corrective activities to be taken

E2E. Or not a member of any steering team but a member of the service ecosystem

currently experiencing challenges can be invited to a BSST meeting, because of that

specific supplier issue, and then a seat will be granted to discuss challenge with whole

BSST members.

Thus, in Round 2, Version 2 of the BSST was introduced to the company and vendor

subject matter experts for collecting feedback and data. Meanwhile, the first monthly

BSST meeting based on Version 2 invited experts to validate its operability.

5.5 Validation with the Experts

In Round 3 (Appendix 3), the second version of the model was validated with the case

company and vendor subject matter experts, and enhanced based on the data col-

lected in Round 2. Additionally, a monthly BSST meeting was held to validate its oper-

ability. This evaluation was crucial to find out if BSST would function as it meant to be

for enabling value co-creation. In this round, in addition to discussions, four question-

naires were executed within Discussions 13 (Appendices 3, Questionnaire 1-4) with the

BSST key members who attended to the first meeting; thus, the final proposal of the

BSST model was verified.

Summing up, Section 5 overviewed the development process of the new IT govern-

ance model based on the meetings, interviews, discussions, as well as the results of

four questionnaires conducted in the case company, grounded in the findings from the

literature and best practices which led to the creation of the proposed model.

In all three rounds, similar expectations and requirements were raised calling for the

enhancement and empowerment of the proposed model. These requirements were

embodied in the three basic features of the proposed BSST model, namely the roles

and responsibilities, performance management and interactions space via community

pages.

Page 77: Operational Level IT Governance Model - Theseus

75

6 Final Proposed Model for IT Governance in the Case Company

This section presents the new model for IT Governance developed for the case com-

pany and improved after the validation round with the experts.

6.1 Overview of the Proposed Model

This study proposes the Operational Level IT Governance Model (Business Service

Steering Team) BSST for value co-creation in NSN IT ecosystem which is built based

on the extensive partnership principle. The model is grounded in the NSN IT strategy,

analysis of literature and best practice for IT Governance, and the NSN IT current prac-

tices analysis.

NSN IT introduced a new strategy called Leaner IT as a true business partner as part

of corporate restructuring efforts overviewed in Section 1. The aim of this strategy is to

develop a healthy and efficient ecosystem based on partnership approach and enable

paradigm shift from value-in-exchange to value co-creation based on SD logic. This

move should lead to enabling significant cost savings without jeopardising the quality of

service and business continuity. A considerable part of those savings will be utilized for

developing innovative solutions in order to re-new the enterprise architecture and in-

crease productivity. The instrument to achieve this goal is to establish extensive part-

nership with the newly selected vendors, through a new commercial model. Following

the results of this model, this strategy is hoped to re-position NSN IT as a true business

partner and improve collaboration and partnership in an ecosystem with vendors in the

future. This intent led to a business problem of this Thesis, which is to suggest a new

operational level IT Governance model (Business Service Steering Team) for applying

the contract arrangements in real life, which will be done by following up performance

and development, and steering ecosystem actors for better value co-creation.

Based on the literature analysis, it is clear that, in the 3rd generation outsourcing, IT

Governance processes are required to identify, manage, audit and disseminate all the

information related to the outsourcing contract whilst controlling the relationship within

the organisation and between the client organisation and the service provider. Follow-

ing it, strategic alignment between the parties within service ecosystem will generate

Page 78: Operational Level IT Governance Model - Theseus

76

value for all, which can be secured by collaboratively developed contents of the con-

tracts, such as E2E KPIs for performance management, roles and responsibilities in

governance bodies. An integrated Enterprise IT Governance process have linkages

between and operates based on each others’ inputs and outputs. That is why Business

Service Steering Team governance and management processes need to be integrated

to other enterprise processes and the relevant roles and responsibilities for securing

E2E visibility and integration between processes. As a result, IT governance model is

moved into a Joint Sphere in the service ecosystem (see Figure 34 below), where the

user community and IT service providers as one body will meet to co-create value.

Based on the case company analysis, it is noticed that the current roles and responsi-

bilities, as well as governance and management processes are defined at adequate

level in the new MoO. Moreover, the importance of executing strategy at operational

level was also bypassed. The current Business Service Steering Teams are the first

touch point with the user community to whom IT services are provided and with whom

value can be co-created. Additionally, the current Business Service Steering Team

governed and managed processes were not linked to strategic and tactical governance

processes, as it should be within integrated IT Governance processes.

The proposed Business Service Steering Team moves into the Joint Sphere of the ser-

vice ecosystem as shown in Figure 34.

Figure 34. Location of the Proposed BSST in the joint sphere of service ecosystem.

Page 79: Operational Level IT Governance Model - Theseus

77

As illustrated in Figure 34, the proposed IT Governance model Business Service Steer-

ing Team consists of governance and management processes as responsibilities which

are driven by roles. The outputs of these governance and management processes are

monitored, followed and corrective actions suggested by utilizing performance man-

agement tools such as collaboratively developed KPIs with partners in ecosystem.

These activities and outputs are reported and service innovations are discussed with/to

the user community via own interactions space to secure transparency. These key fea-

tures of the proposed model moves Business Service Steering Team into the Joint

Sphere of the case company ecosystem, as illustrated in Figure 34 above.

The focus areas and responsibilities of the proposed Business Service Steering Team

are shown in Figure 35 below.

Figure 35. BSST focus areas and responsibilities.

Figure 35 illustrates the main BSST governance and management processes mapped

to focus areas and their gained responsibilities. The focus areas include stakeholder

engagement, planning and direction setting, managing performance, managing con-

tract and service provision at operation level. BSST involvement with these focus areas

is enabled by the newly defined roles and responsibilities in the proposed model. This

arrangement secures that all deliverables aligned with strategy of the company, IT and

ecosystem are visible to all ecosystem members through the direct involvement and

taking seat in BSST for joint value co-creation. This logic is build on COBIT governance

processes and ITIL service management processes described in Section 4, and devel-

ops into the existing case company operational IT Governance model (Business Ser-

Page 80: Operational Level IT Governance Model - Theseus

78

vice Steering Team). It is chosen to ensure that the processes in the service ecosys-

tem integrity are applicable in the ecosystem with different actors.

The main building blocks of the model are represented by the following elements.

6.2 Roles and Responsibilities

New roles and relevant responsibilities are added to the proposed model (BSST) to

implement the IT governance processes as shown in Figure 35 above.

In the final version of BSST, for facilitating accountability, mandate, decision making,

approval, strategic alignment, performance management, the seats are given to the

following key roles listed in Table 6 Below.

Table 6. Roles and responsibilities in BSST.

Roles Responsibilities

BS Stakeholder Manager (IT) Stakeholder Manager is accountable for the successful business partnership be-tween NSN functions and IT, and ensures that IT always brings maximum value to these functions.

BS Business Analysts (IT) Works with business and Stakeholder Manager(s) to pro-actively understand the needs of the business as a whole and/or in a particular area of expertise, including a strategic direction. This role also com-pletes the required analysis tasks to take solutions on business problems/needs.

BS Service Owner (Business) Business representative in BSST; secures strategic alignment between business and IT.

BS Service Owner (IT) Accountable for the entire lifecycle of a Business Service including its operational and financial performance.

Enterprise Release Manager (IT) Drives changes and change implementa-tion that touches multiple capabilities, business services or stakeholder groups and ensures the desired end-user experi-ence in deploying a new service or pro-cess capabilities to the organization.

Transformation Manager (IT) Responsible for planning and executing the IT transformation aligned with the IT strategy and the NSN business priorities.

Page 81: Operational Level IT Governance Model - Theseus

79

Performance Manager (IT) Accountable for successful IT process performance and continuous improvement against IT benchmarks.

Enterprise Architect (IT) Accountable for driving the evolution of the Enterprise Architecture on the NSN level for NSN units and identifying busi-ness capabilities.

Service Integrator Vendor Representative Measures and reports on BS KPIs, steers service providers and acts as a single point of contact to NSN IT for service pro-visions.

ADM Vendor Representative Ensures QoS, smooth and efficient ser-vice provision; introduces innovations and demands captured from daily operations.

Table 6 details the roles and responsibilities stressed within the new BSST model in

ecosystem. As an example, Stakeholder Manager secures successful business part-

nership between the case company business and IT organisations, while Business

Service Owner secures strategic alignment. Business Analyst supports BSST with en-

suring business requirements translated in IT requirements and implemented. Finally,

Service Owner secures BS financial and operational performance with vendor repre-

sentatives.

These ten roles execute their tasks independently, in several IT Governance processes

introduced in Figure 35. However, these roles will meet in different forums on daily ba-

sis for activities which require input from each others. These forums and meetings are

also needed on demand or regularly for reviews, approvals, decision makings or en-

forcing to execute activities needed for IT governance or management processes mile-

stones. These milestones review meetings enable alignment between activities by cap-

turing and linking outputs and inputs of the processes to secure value delivered for

everyone through value co-creation. That is why these roles and responsibilities are

meant to secure value co-creation expectations. Value co-creation and measuring out-

puts of the processes as generated value can be achieved only with ecosystem mem-

bers, especially those who are representing their organisations in the proposed gov-

ernance model BSST and working together in partnership.

Currently, operational management of IT Services, ITSM is outsourced to different

vendors. These vendor representatives are also given seat for securing own wealth by

evaluating achievements and failures against the set targets around the BSST table.

Additionally, they are responsible for reporting and securing operational excellence

while proposing innovative solutions for better productivity. This means vendor repre-

Page 82: Operational Level IT Governance Model - Theseus

80

sentatives should be capable of taking Service Owner, Stakeholder Manager and

sometimes Business Analyst roles and responsibilities in BSST, from their organisation

perspective. It is important that equivalent logical roles and responsibilities should be

present at each level in both the case company and vendors to identify early indica-

tions of risk and ensure that proper management can take place through resolution.

The need for equivalent logical roles in service ecosystem can be illustrated with the

BSST Manage Demand governance process as seen in Figure 36. The Manage De-

mand process is crucial from the service innovation and continual improvement per-

spective. The needs and opportunities should be initiated from any role in ecosystem,

and each BSST role should have competence to innovate.

Figure 36. Manage Demand governance process in the scope of BSST.

Figure 36 illustrates how demand is managed by BSST by its individual roles. The

need or opportunity should be encouraged to capture and be raised by any role such

as user community in ecosystem. There are different motivations behind that, such as

for vendors to create monetary value with their implementation projects or reducing

Page 83: Operational Level IT Governance Model - Theseus

81

maintenance efforts by introducing maintenance free solutions. In any case, service

innovation is the key success factor of cost saving and increasing productivity. That is

why all the BSST roles are directly or indirectly involved with this process among the

other introduced ones.

In the Manage Demand process, Stakeholder Manager and Business Analyst capture

and validate demand, and decide on the type of demand such as urgent, minor or ma-

jor. In case the demand is urgent and unplanned, Enterprise Release Manager aligns it

with the enterprise roadmap and arranges financial support and Service Owner initiates

Control Release Implementation process, which is not in focus of BSST and taken care

by other IT units. In case it is minor demand, then it is just implemented. If it is major

demand, with major change needed, then vendors analyze its technical and financial

impact and introduce it to BSST. Finally, BSST approves, postpones or rejects imple-

mentation based on one of these decisions. Another governance process, called Initi-

ate Release Implementation process, is not anymore directly in scope of BSST. Here

again, more visibility comes through more linkage between the integrated Enterprise IT

Governance processes and BSST governance processes.

In summary, the Manage Demand process illustrates an example a lifecycle of the de-

mand, decision points and linkage to other governance processes where the BSST

members jointly agree on service innovations, based on their defined roles and re-

sponsibilities. Execution excellence of the processes in scope of BSST needs continu-

ous improvement based on the findings as output of performance management.

6.3 Performance Management

Performance Management as one of the key features of the proposed model is needed

for improving IT service provision continuously to meet rapidly growing productivity

requirements, cost efficiency demands, in addition to legal obligations within outsourc-

ing contract in service ecosystem. The newly introduced SLA, enhanced with E2E and

commonly shared KPIs in ecosystem, are the spirit and fundamental principles of the

new contractual agreement (as described in Section 4). It represents the new way of

working in ecosystem as partners for enabling value co-creation based on jointly de-

veloped targets. Thus, managing performance of the ecosystem is essential for secur-

ing that commonly shared targets and objectives are achieved and corrective actions

are taken on time to prevent failure by using performance monitoring tools like IT BSC.

Page 84: Operational Level IT Governance Model - Theseus

82

BSST, with its new roles and responsibilities, can regularly set up and adjust targets

with business. In the case company, these targets are mostly related to activities, ob-

jectives relevant to increasing productivity in core and strategic business areas, such

as MBB, while saving cost from other business areas (as discussed in Section 1).

However, these targets need regular follow up and adjustment based on the case

company customer segment and BSST need to be capable of adjusting own targets

within business organisations. BS adaption to these changes are monitored and re-

ported with Stakeholder satisfaction index in the IT BSC be means of performance

management.

BSST can follow performance and development through the defined BS-level E2E and

common KPIs (discussed in Section 4). They are intended to ensure appreciable, ade-

quate and committed level of SLM performance in ecosystem. ITSM activities will be

executed by selected vendors and need to be monitored and reported jointly and regu-

larly in BSST for taking necessary actions to meet and exceed expectations. These

jointly developed reports contain information about user amount, service request ticket

amount, incident ticket amount, implemented demands, known problems, financial

plans and actual costs. These items are crucial from continues IT service improve-

ments perspective by sensing the need and taking actions on time. Additionally, inno-

vations, demands that are executed in project mode will be reported to BSST regularly

by Business Analysts for securing excellence of execution.

As stated earlier, the target of the BSST is to develop an ecosystem based on partner-

ship and enable paradigm shift to value co-creation, coupled with significant cost sav-

ings and introducing innovative solutions for increasing productivity. SI Vendor is ac-

countable to report all KPIs’ development on a monthly basis to BSST, based on vari-

able score cards and thresholds agreed in the contract such as end-to-end service

availability. BSST has a mandate to approve or reject achievements and ask for further

analysis and corrective actions from any of the ecosystem member. For example, if SI

Vendor fails to deliver one of the KPIs to NSN IT Unit or ADM vendor, then BSST has

a mandate to ask for corrections as agreed in the contract. A similar mandate is given

to BSST also for preventing violations such as not sharing resources to enable value

co-creation in ecosystem with supporting other member in problem areas.

Page 85: Operational Level IT Governance Model - Theseus

83

Accountability of the BSST increases with enabling transparency via interaction spaces

for performance management outputs no matter if they met to target or not, in addition

to all other information to be shared or captured in ecosystem.

6.4 Interactions with Community Pages in Ecosystem

Dialogue and transparency are the one of the most important building blocks of value

co-creation within the ecosystem community. It happens because those increase ac-

countability of the BSST, in addition to improving information exchange, which is crucial

for service innovations and existence of the BSST perspective. It is important that there

is a jointly agreed and maintained (from the content perspective) and easily accessible

interaction space tool for the ecosystem community, and it is proposed here as the

BSST community pages.

The BSST community page tool is enhanced through/by means of web-pages that are

easily reachable and accessible for any of ecosystem members. These community

pages should contain any BS relevant information to be exchanged such as all per-

formance management reports as BSCs can be available through BSST web-pages, in

addition to initiatives introduced and jointly judged from the implementation perspective

and steered in BSST. An example of BSST community page is shown in Figure 37.

Page 86: Operational Level IT Governance Model - Theseus

84

For internal use only4 © Nokia Siemens Networks

Metrics and targets

Initiative: Deploy common Product Backlog and resource management Owner: Heads of R&D (Devel., I&V, SyVe) Initiative lead: Reijo Alaraudanjoki

Key changes

t

Estimated impact

From

No common IT application for backlog management. As a result BLs creating their own solutions.

Lack of syncronizationfrom Platforms to BLs and between BLs.

Integrating the pipelines and resource balancing to backlogs causes huge manual effort to BLs.

To

IT supported backlog tool with database benefits, secured access rights and user roles to support agile approach.

Backlog schedule synchronization in same database.

Integrated backlog and resource management. Resource demand and resource capacity in same tool.

Visibility to release total release / feature effort.

Benefit

Reducing hidden IT cost and manual work by deploying common application.

Effort saving due to less reporting and testing effort via synchronizing the release planning and

implementation.

Reduced manual work.

Metric name From To Tracking scheme

KPI RDE Gain Monthly

Operational metrics (examples)

Can be tracked by deployment coverage by L4. Target deployment level 80% of R&D L4s.

0 80 Monthly by IT program

M EUR Description

2013 2,5 Estimated cost saving impact 2.5M€ (R&D opex).

2014

Approach

•Deploy common backlog tool A360 to BLs to support the planning, prioritization and tracking R&D development backlogs (e.g. decided features and change requests).

•Deploy common resource mgmt tool A360 to BLs to support backlog management.•Proof of concept for RD OPEX planning and follow-up. Implementation plan done.

Objective

•Deploy common MBB wide Product Backlog and resource management concept and tool to enable synchronized feature prioritization and development between BLs and Platforms. Provide consistency in programs fol low up and reporting.

Figure 37. An example of the BSST community page.

As seen from Figure 37, these web-pages are used as one of the initiatives for an ap-

plication deployment project which is jointly decided to be executed and monitored

regularly with in BSST. This community page can be a subset of the main BSST com-

munity page, it may have the sections answering why, what, when and how questions

raised from anyone in the BSST ecosystem. These pages aim to secure positive

stakeholder perception by delivering real time information and giving, though indirectly,

a seat in BSST for all stakeholders. Through information exchange, community pages

can share information with the ecosystem members which is crucial for decision mak-

ing or action taking.

Page 87: Operational Level IT Governance Model - Theseus

85

In summary, the new operational level IT governance model (BSST) is introduced with

the purposes of: a) leading Business Service development, performance and optimisa-

tions, b) capturing and implementing demands, c) securing positive stakeholder per-

ception, d) ensuring equal wealth and enabling value co-creation in ecosystem with the

above described elements, features and processes at operational level of IT Govern-

ance. These suggestions by the proposed model are summarized in Table 7 below.

Table 7. The proposed operational level IT Governance model (BSST).

Schedule Every third week of the month, 3 hours

Purpose - Leading BS development, performance and optimisation based on KPIs - Capturing and implementing business demands

- Securing stakeholder perception - Securing equal wealth in ecosystem based on Win-Win approach

Chair Business Service Owner – Business

Secretary IT Service Owner – IT

Participants/

Roles

- IT BS Stakeholder Manager - IT BS Business Analysts

- IT Transition Manager - IT Enterprise Release Manager

- IT Transformation Manager

- IT Enterprise Architect - Service Integrator Vendor Representative

- ADM Vendor Representative

Agenda

Decisions &

Responsibilities

BSST Meeting Agenda;

- Opening and business regards (Stakeholder Perception) ->Business Owners

- Action points follow-up ->All

- Ideas, demands, initiatives review and Go / Not Go decision making->All

- On air issues->All

- Service Level Management KPIs review and approval->Vendor

- Run financial development review and approvals->IT Service Owner

- Build financial development review and approvals-> IT Stakeholder Manager

- Projects’ status review and necessary approvals->IT Business Analysts

- Overall roadmap and portfolio review and alignment -> IT Enterprise Release Manager

- Transformation initiatives review -> IT Transformation Manager

- Enterprise architecture alignment -> IT Enterprise Architect

- Service Integrator status reports and approvals->SI Vendor representative

- ADM Vendor deliverables status reports and approvals ->ADM Vendor

- Transition status review-> IT Transition Manager

- AOB.

Escalations,

Proposals

Capability Cluster Steering Team

Page 88: Operational Level IT Governance Model - Theseus

86

7 Discussion and Conclusions

This section summarizes the results of the Thesis and suggests a number of recom-

mendations for the management of the case company. It also evaluates the results of

the Thesis in terms of reliability and validity of the research done. Finally, it identifies

the next steps and suggests possible directions for future development.

7.1 Summary

This Thesis concentrates on improving the case company’s existing operational level IT

Governance model for enabling and securing value co-creation in the newly created

ecosystem. The improved operational level IT governance is needed to develop a

healthy and efficient ecosystem based on the new partnership approach and to enable

paradigm shift from value-in-exchange to value co-creation. This paradigm shift aims at

enabling significant cost savings without jeopardising quality of service provision and

business continuity. A considerable part of these savings will be used for providing in-

novative solutions to re-new the enterprise architecture. This renewal should lead to

higher stakeholder satisfaction through better productivity achieved in partnership with

the newly selected vendors, thought the new commercial model applied in outsourcing

contract.

Previously, in the case company the first wave of outsourcing, which was based on

classical value-in-exchange principle, did not generate the expected savings or initiate

the long-awaited innovative solutions. This wave was grounded in the provision of safe,

low-risk quality solutions and cost saving. Following the first wave, the second wave is

planned to continue with the 2nd generation outsourcing for the remaining 60-70% of IT

employees, with IT services going to external service providers Atos and Wipro. Suc-

cess of this model is heavily reliant on customer and supplier working in extensive

partnership, with the relationship being predicated on mutually adding value and ena-

bling value co-creation.

Currently, the challenge in IT service provision is the co-creation and provision of IT

services that are made up from different components and functions as single interface

to the client. In this framework, the service receiver is more likely to be interested in

quality of service (QoS) rather than the service provider itself. That is why it is impor-

tant to understand that value co-creation among service systems is a service for ser-

Page 89: Operational Level IT Governance Model - Theseus

87

vice exchange that reframes the relationship between the paradigms of value-in-

exchange, value-in-use and value co-creation. Achieving stronger competitive position

and developing core competences as part of value co-creation is most likely to occur

through utilisation of the external and internal environment innovations by sensing, so-

lution knowledge and transforming them to real life, which can be easily achieved by

applying partnership principles within a SD logic based service ecosystem. This study

aimed to apply this logic to the case company situation.

This study starts with introducing background of the case company, business problem

(the need for operational level IT Governance model to ensure strategy execution) and

the objective of study which is the development of the new model. That is followed with

description and reasoning of the research method, data collection, data analysis and

validity and reliability considerations. The model development starts with over viewing

SD Logic, value co-creation and best practices in IT Governance models described in

literature, and analysis of the case company current practices. Finally, after the model

is proposed, the development process is described for versions 1-3 of the proposed

model, with the proposal of the final model to the case company as the last version.

The research approach applied in this study is action research. The model develop-

ment is done in three iterations of development and verification of the model (for the

creation of Version 1, 2 and 3, in three action research cycles). The data used for the

development of the versions are collected in the interviews, discussions and question-

naires in the case company.

The outcome of the Thesis is a proposal for a new operational level IT Governance

model for the case company. While working on this Thesis, the proposed model was

approved and decided to be applied in the new MoO during this Thesis work. The pro-

posed new model is based on the case company practices, COBIT, ITGI and ITIL prin-

ciples, and it provides the means to meet the strategy formulated in the outsourcing

contract. In addition, this study suggests a set of managerial implications that can help

to successfully implement the proposed model in practice.

The model was called Business Service Steering Team (BSST) based on the concep-

tual framework developed from literature analysis and the results of investigation of the

vision in the case company. One of the significant results of the case company analysis

was an unrecognising importance of the strategy execution at operational level. The

Page 90: Operational Level IT Governance Model - Theseus

88

study also stressed that the current operational level IT governance model BSST is

meant to secure the adequate level service provision with selected vendors. It is based

on a set of KPIs which are insufficient to monitor the performance in the new contract

to be E2E in ecosystem. This study argues that the current approach is insufficient for

the case company and introduces model with a number of new key features. These key

features include roles and responsibilities, performance management and interaction

space intended to move BSST into a joint sphere of the ecosystem where BSST can

secure value co-creation and value facilitation based on SD logic.

7.2 Managerial Implications

The study also suggests a number of Managerial Implications (MI) for the case compa-

ny to put this proposal into practice.

MI-1, Commitment to the paradigm shift to value co-creation: Management com-

mitment for keeping the company on track, from the SD paradigm shift perspective, is

essential for enabling value co-creation and securing long term partnership in ecosys-

tem. This commitment should be transparent and grounded in concrete actions for mit-

igating competition related assumptions, such as forcing own organizations to resource

or start competence exchange for achieving the commonly agreed goals or proactively

supporting weak members of the ecosystem for better performing.

MI-2, Making sense of processes: Managers should ensure that for each IT Govern-

ance aspect a description of key components should be provided which would result in

consistent, repeatable, end-to-end and measurable processes. These processes must

be easy to understand, simplified and executable at any level of the organisation, in

addition to clearly defined ownership.

MI-3, Customer centric thinking: Managers should embrace the notion that consum-

ers can become partners in value co-creation. Only by letting go of the company-

centric view on value creation, once and for all, can companies proceed with the diffi-

cult and long-term work of making long-lasting reforms to the business system. Man-

agers need a major transformation in the way they conceive the tasks of value creation,

and then change how firms are organized. Therefore, management disciplines and the

relationships between these disciplines also need to be re-examined.

Page 91: Operational Level IT Governance Model - Theseus

89

MI-4, Enabling dialogue and transparency: Building blocks of value co-creation are

dialogue and transparency, which are also essential for BSST accountability, generat-

ing service innovation and continuous improvement. Managers should ensure that ad-

equate level of information is exchanged and process outputs are announced via the

interaction space to the service ecosystem community.

MI-5, Ensuring value delivered by IT: Managers should be capable to understand

and align business strategy with IT strategy continuously and show it with concrete

deliverables that are visible in business day-to-day work. This is needed to ensure

achievement of business sustainability and competitive advantage, supported by IT

through utilizing right resources in the right place in the best optimized way. The case

company goal of achieving significant cost savings by improving productivity with

smoother IT services requires continues analyses of business demands and its exter-

nal environment.

MI-6, Empowering BSST: Key features of the IT Governance model need to be em-

powered for keeping BSST in the joint value co-creation sphere of ecosystem. For do-

ing so, BSST mandate should be adjusted from the authority perspective with addi-

tional roles and responsibilities to better respond to rapidly changing demands. This

requires actions and commitment from management to continuously analyse BSST

place in the case company’s mode of operation and taking necessary actions proac-

tively.

7.3 Reliability and Validity

Rigour of research is typically evaluated in terms of reliability and validity of data collec-

tion and analysis methods applied in research. There are two types of validity of re-

search, internal and external validity. Internal validity also refers to face validity which

indicates whether a measurement tested what it was meant to be measured. Face va-

lidity can be low if, for example, in a questionnaire there may be questions that influ-

ence a participant to answer it in a specific way. That is why the questionnaire content

in this study was planned not to prevail over the interviews in order to enhance internal

validity.

In this study, validity was increased by taking a series of steps. Following the internal

validity, the study also addressed the external validity. It was done by applying the

Page 92: Operational Level IT Governance Model - Theseus

90

question formulated for evaluating external validity suggested by Quintone and Small-

bone (2006: 135-137) "How transferrable the results of research are?" to other organi-

sations in the case company. The external validity was also increased by focusing on

answering the research question formulated at the beginning of the study. Finally, the

external validity was increased by involving a broad range of experts from different IT

Units and vendor companies to the model development and validation, and by ensuring

that the new model is also applicable to other organisations in the case company.

Validity is important, especially internal validity, because without it the research findings

would not mean anything, as the investigator may not even be measuring what he/she

sets out to measure. That is why validity also needs to be improved by explicit, detailed

description of data collection and analysis. Data checks by experts, dealing the data

detail and reassuring an open mind approach and less predicted outcome also im-

proved validity of research, and these methods are applied in this Thesis.

The reliability of the research can be strengthened by applying the following principles:

using different data sources, and different data collection and analysis methods, aimed

to ensure that the same results would be obtained if done at a different point in time

(Quitone and Smallbone 2006:130). These principles were fully utilised in these study

while the interviews were organized and conducted, the data and feedback collected,

and the questionnaires held. Finally, to ensure maximum reliability of the proposed

model, the reliability was increased at the initial design stage, by studying a wide range

of sources of best practice in Section 3 for reliable model development.

Last but not least, the researcher is a member of the research organization, which is

typical of action research. The researcher is Service Owner for Business Service R&D

Product and Program Management Services in IT for R&D Unit, with more than 15

years of experience in different IT management roles. As a result, the proposed BSST

was, to a considerable extent, facilitated by the Service Owner role. The researcher

has held BSST meetings twice already to validate applicability of the proposed model

in operational level, and also involved the key BSST members to validate the model.

Validation results were encouraging and successful. Researcher is also involved with

latest outsourcing as a member of the negotiation team with deep insight into the ex-

pectations and targets on the case company side. The new service ecosystem effective

of May 2013 is created to fit this outsourcing contract and it is decided to be steered by

BSST in the case company, which refers to the reliability requirements fulfilled.

Page 93: Operational Level IT Governance Model - Theseus

91

References

Berry, L. L., Shankar, V., Parish, J. T., Cadwallader, S. and Dotzel. T. (2006). Creating New Markets Through Service Innovation. MIT Sloan Management Re view. Vol. 47 (2), 56-63.

Blaxter, L., Hughes, C. and Tight, M. (1996, 2002, 2006, etc.). How to Research. Buckingham, Philadelphia: Open University Press. 263 pp.

Bolton, R., Grewal, D., and Michael Levy, M. (2007). Six Strategies for Competing

through Service: An Agenda for Future Research. Journal of Retailing. 83 (1), 1-4.

Burtonshaw, S. A., Salameh M.A. (2010). Essential Tools for Organisational Per

formance : Tools, Models and Approaches for Managers and Consult ants. New Jersey: Wiley. 123 pp. Available: http://site.ebrary.com/lib/metropolia/Doc?id=10361131&ppg=5 (Accessed: 9th March, 2013).

Chesbrough, H. W. and Appleyard, M. M. (2007). Open Innovation and Strategy.

California Management Review. Vol. 50 (1), 57-76 Chesbrough, H. W. and Garman, A. R. (2009). How Open Innovation Can Help You

Cope in Lean Times. Harvard Business Review. Vol. 87(12), 68-76. Christensen, C. M. (2002). The Rules of Innovation. Technology Review. Vol. 105 (5),

32-38. COBIT (2011). Control Objectives for Information and Related Technology 5 Process

Reference Guide. Rolling Meadows: ISACA. Available: http://www.isaca.org/COBIT/Pages/COBIT-5-Framework-product-page.aspx (Accessed: 10th Feb, 2013)

Coghlan, D. and Brannick, T. (2002). Doing Action Research in Your Own Organiza-

tion. London : Sage Publications. 133 pp. Coghlan, D. and Coghlan, P. (2003). Acquiring the Capacity for Operational Improve

ment: An Action Research Opportunity. University Of Dublin. Vol 26 (2), 30-38.

Coghlan, D. and Meehan, C. (2004). Developing Managers as Healing Agents in

Organizations: A Co - Operative Inquiry Approach. Systemic Practice and Action Research. Plenum Publishing Corporation. Vol 17 (5), 407-423.

Enkel, E., Gassmann, O., Chesbrough, H. (2009). Open R&D and Open Innova-

tion:Exploring the Phenomenon. R&D Management. Blackwell Publishing. Vol 39 (4), 311-316.

Ferarrio,A. and Jüriado, R. (2012). Commitment-Based Modeling of Service Systems.

Institute of Cognitive Sciences and Technologies, CNR, Laboratory for Applied Ontology. Available: http://vmbo2012.isis.tuwien.ac.at/wp-content/uploads/2011/07/vmbo2012_submission_12.pdf (Accessed: 12th Feb, 2013)

Page 94: Operational Level IT Governance Model - Theseus

92

Fyrberg,A. and Jüriado, R. (2009). What About Interaction? Networks and Brands as Integrators Within Service-dominant Logic. Journal of Service Manage-ment. Vol. 20 (4), 420-432.

Heinonen, K., Strandvik, T., Mickelsson, K.-J., Edvardsson, B., Sundström, E., and

Andersson, P. (2010). A Customer-Dominant Logic of Service. Journal of Service Management. Vol. 21 (4), 531-548.

Helkkula, A. (2010). Characterizing the Concept of Service Experience. Journal of Ser-

vice Management. Vol. 22 (3), 367-389. Huhta, M. (2012). Research skills for Master’s Thesis – The How? Lecture: Helsinki

Metropolia University of Applied Sciences.

Huhta, M. (2013). How Can I Tell if My Research is Any Good? Qualitative methods cont’d: Lecture. Helsinki Metropolia University of Applied Sciences. 7th of Dec 2012.

Gartner (2013). IT Glossary Avaliable: http://www.gartner.com/it-glossary/it-services/

(Accessed: 23rd Feb, 2013) Grönroos, C. (2012). Reinventing Marketing: Marketing as Promise Management: Lec-

ture. Metropolia University of Applied Science, Hanken School of Econom-ics Finland. 13th Oct, 2012

Grönroos, C. and Voima, P. (2011). Making Sense of Value and Value Co-Creation in Service Logic. Journal of Service Management. Vol.20, 1-31. Grönroos, C. and Ravald, A. (2011). Service as Business Logic: Implications for Value Creation and Marketing. Journal of Service Management. Vol. 22 (1), 5

-22. ITGI (2003). Measuring and Demonstrating the Value of IT. IT Governance Domain

Practices And Competencies. Rolling Meadows: IT Governance Institute. Available: http://www.isaca.org/Knowledge-Center/Research/Documents/MeasurandDemoValueofIT.pdf (Accessed:13th Feb, 2013)

ITGI (2005a). Governance of Outsourcing. IT Governance Domain Practices and

Competencies. Rolling Meadows: IT Governance Institute. Available: http://www.isaca.org/KnowledgeCenter/Research/Documents/Outsourcing.pdf (Accessed: 13th Feb, 2013)

ITGI (2005b). Optimising Value Creation From IT Investments. IT Governance Domain Practices and Competencies. Rolling Meadows: IT Governance Institute. Avaiable:http://www.isaca.org/KnowledgeCenter/Research/Documents/optimising-value-creation-from-IT.pdf (Accessed: 15th Feb, 2013)

ITIL Official Web Site (2013). Information Technology Infrastructure Library. Available: http://www.itil-officialsite.com/ (Accessed: 23rd Jan, 2013)

Kambil, A., Friesen, G.B., Sundaram A. (2010). Co-Creation: A New Source of Value.

International Journal of Electronic Commerce. Vol.15(1), 11-48

Page 95: Operational Level IT Governance Model - Theseus

93

Kanter R.M. (1994) Collaborative Advantage: The Art of Alliances. Harvard Business

Review Vol. 3. 182-197

Lovelock, C. and Gummesson, E. (2004). Whither Services Marketing? In Search of a New Paradigm and Fresh Perspectives. Journal of Service Research. Vol. 7 (1), 20-41.

Lusch, R. F., Vargo, S. L., and O’Brien, M. (2007). Competing Through Services: Insights from Service-dominant Logic. Journal of Retailing. Vol. 83 (1), 5- 18.

Martin, R. (2010). The Age of Customer Capitalism. Harvard Business Review. Vol. 88 (1/2), 58-65.

Matthing, J., Sanden and Edvardsson (2004). New Service Development – Learning

from and with Customers. International Journal of Service Industry Man-agement. Vol. 15 (5), 479-498.

Neuendorf, K.A. (2002). The Content Analysis Guidebook. Clevelan State Universtiy.

Sage Publications, London. Thousands Oaks 1-25. Nokia Siemens Networks (NSN), Strategy. Available:

http://www.nokiasiemensnetworks.com/news-events/press-room/press-releases/nokia-siemens-networks-puts-mobile-broadband-and-services-at-the-heart-of-its-strategy (Accessed:19th Jan, 2013)

Näslund, D., Kale, R., Paulraj, A. (2010). Action Research In Supply Chain Manage ment-A Framework For Relevant And Rigorous. Journal of Business Logistics. Vol. 31 (2), 331-355.

Osterwalder, A. , Pigneur, Y. (2009).Business Model Generation. Available:

http://www.businessmodelgeneration.com/downloads/businessmodelgeneration_preview.pdf (Accessed: 10th Jan, 2013)

Payne, F. A., Storbacka K., Frow, P. (2008). Managing the Co-creation of Value. Journal of the Academy Marketing Science. Vol.36, 83-96.

Peltoniemi, M. and Vuori E. (2004). Business Ecosystem as the New

Approach to Complex Adaptive Business Environments. Tampere University of Technology. 1-15.

Pink Link (2005). ITIL. Available: www.pinkelephant.com (Accessed: 10th Feb, 2013) Prahalad, C. K. and Ramaswamy, V. (2004). Co-creating Unique Value with Custom

ers Strategy and Leadership. Vol. 32 (3), 4-9.

Prahalad, C. K. (2010). Best Practices Get You Only So Far. Harvard Business Re-view. Vol. 88 (48), 32.

Prahalad, C. K. and Venkatram, R. (2003). The New Frontier of Experience Innova-

tion. MIT Sloan Management Review. Vol. 44 (4), 12-18

Page 96: Operational Level IT Governance Model - Theseus

94

Prahalad, C. K. and Venkatram, R. (2002). The Co – Creation Connection. Strategy and Business Issue. Vol.27(1) , 1

Pöppelbuß, J., Plattfaut, R., Ortbach, K., Malsbender, A., Voigt, M., Niehaves, B., and Becker, J. (2011). Service Innovation Capability: Proposing a New Framework. IEEE: Proceedings of the Federated Conference on Com-puter Science and Information Systems, 545-555.

Quinton, S., Smallbone, T. (2006) Postgraduate Research in Business. A Critical Guide. Sage Publications 1-167 The Best Management Practice Products, IT Service Management. Available:

http://www.best-management-practice.com/IT-Service-Management-ITIL/ (Accessed: 18th December, 2012). Vargo, S. L. and Lusch, R. F. (2011). It's all B2B…and Beyond: Toward a Systems

Perspective of the Market. Industrial Marketing Management. Vol. 40 (2), 181-187.

Vargo, S. L., Maglio, P. P., Akaka, M. A.(2008). On Value and Value Co-creation: A

Service Systems and Service Logic Perspective. Implementing IT Govern-ance. A Practical Guide to World Class IT Management Using Current & Emerging Best Practices. IT Governance. Vol. 26 (3), 145-152.

Weill, P. and Ross, J.W. (2004). IT Governance: How Top Performers Manage IT De-

cision Rights for Superior Results. MIT Sloan School of Management.15. Scheithauer. G., Augustin, S., Wirtz, G.(2011). Describing Services for Service Ecosys-

tems. Siemens AG, Corporate Technology, Knowledge Management. 1- 9 Selig, G. J. (2008). Implementing IT Governance: A Practical Guide to World Class IT

Management Using Current & Emerging Best Practices. Philadelphia: GPS Group. Available: http://www.philadelphia.edu.jo/academics/aalawneh/uploads/PowerPoint.pd (Accessed: 12th Jan, 2013)

Smedlund, Anssi (2012). Innovation and Service Innovation: Lecture. Metropolia Uni-

versity of Applied Science, Aalto University School of Science. 3-29. 12th Oct, 2012.

Yin, R.K. (2003). Case Study Research – Design and Methods. 3rd edn. Thousand

Oaks, CA: Sage Publications.

Page 97: Operational Level IT Governance Model - Theseus

Appendix 1

1 (2)

Appendix 1

Discussions on Model Development (Round 1). Current Practice Analysis

Interviews were conducted personally through virtual meetings with the case company

unit heads. The following field notes were taken for capturing the discussion.

Summary of the Results (Round 1)

New BSST Model (version 1 creation)

Round 1

Event Discussion 1

Participants

- Head of IT Partnering Unit - Head of IT Quality Unit

- Head of IT Performance Assurance Unit - Head of IT CIO Unit

- Head of IT MADO Unit - Head of IT Infrastructure Unit

- Researcher; IT for R&D Unit, Product and Program Mgmnt Services Owner

Date 10 December 2012, 10:00-13:00 EET

Recommendations

- Previous outsourcing exercises’ nature, motivation, weaknesses shall be

well understood to capture aim of the new one.

- Roles, responsibilities, purpose, deliverables, mandate, expectations from

and list of participants for existing BSST in new MoO, to be reviewed. Im-

provement ideas shall be introduced with in new version.

- Commercial model and outsourcing contract to be reviewed from business

services’ SLA KPIs and commonly shared KPIs perspective to understand

level of the BSST reflection on those.

- Analysis needed for which IT governance processes shall be added into

scope of BSST responsibility for placing BSST in Joint Sphere in value

network.

- Relationship between BSST and other forums to be analyzed to draw line

between to prevent overlaps for roles and responsibilities.

Based on Memo 1

Page 98: Operational Level IT Governance Model - Theseus

Appendix 1

2 (2)

Memo 1

Date 10 December 2012, 10:00-13:00 EET

Details Kick-off Meeting “Operational Level IT Governance Model to Ensure Value

Co-Creation”

Chair Yilmaz Karayilan

Attendees -Head Of IT Partnering, Quality, Performance Assurance, CIO, MADO and

Infrastructure Units

-Researcher; IT for R&D, Product and Program Mgmnt Services Owner

Agenda -Introduction to proposal of business problem, research questions and ob-

jectives.

-Analysing and discussing the current practices from the IT governance

processes perspective and the new commercial outsourcing agreement

-Research Objective verification

-Gathering Feedback for first proposal version

-Next Steps

Minutes -Master’s Thesis research problem and objective reviewed, discussed and

jointly agreed.

-Unit Heads support Thesis objective as valuable and applicable. It is re-

quested to review the first proposed model with other IT Unit MoO, Partner-

ing and Performance Assurance experts who are working with new MoO

development.

-Operational level steering team (BSST), its governance processes impor-

tance in ecosystem discussed. The question from participants was if it is

only exist for performance monitoring or is it the right place to enable value

co-creation, implement contract commercial model and secure wealth of

ecosystem actors.

-After valuable discussions based on experiences, it was decided to improve

the current practices by having better visibility and stressing the importance

of the BSST in the new MoO for efficiency of the strategy execution.

-The highlighted issues were: Is the Business Service really closest and

important entity to the case company’s IT end user community where value

co-creation and stakeholders’ satisfaction can be enabled through opera-

tional level activities, service provision? Another argument was that the

tactical steering teams and their processes should be capable to enable

value co-creation and BSST should just ensure performance of the service

provision.

Page 99: Operational Level IT Governance Model - Theseus

Appendix 2

1 (6)

Appendix 2

Discussions on Model Development (Round 2)

Interviews were conducted personally, in face-to-face meetings and virtual meetings

with the experts to introduce the research objective, and propose the first version of the

model and receive feedback. The following field notes were taken for capturing the

discussion.

Summary of the Results (Round 2)

New BSST Model (version 1 verification, version 2 creation)

Round 2

Event s Discussion 2 – 5

Participants

- Head of IT Partnering Unit - Head of IT Quality Unit

- Head of IT Performance Assurance Unit - Head of IT CIO Unit

- Head of IT MADO Unit - Head of IT Infrastructure Unit

- Business Owner for Product and Program Mgmnt Services

- IT for R&D, Capacity Services Owner - IT Partnering Unit, Tools and Process Owner

- Researcher; IT for R&D Unit, Product and Program Mgmnt Services Owner

Date 19 December 2012 – 11 January 2013

Recommendations

for improving the

first version of the

proposed model

- Participant list, “seat for whole stakeholders” shall be extended with roles

from other IT Units for enabling value creation towards BSST. It is need-

ed to ensure alignment of the deliverables with whole other IT and busi-

ness strategic targets and developing efficient interactions with other

units to receive input and give feedback.

- For moving BSST into joint sphere, responsibilities need to be increased

to ensure concrete deliverables that are visible to stakeholders, such as

introducing and approving innovative initiatives.

- Increase mandate of the BSST with granting decision rights at own busi-

ness process area.

- Develop relationship between BSST and other governance processes with

giving roles, responsibilities in those processes.

- Draw line between BSST and other tactical, strategic governance models

to prevent overlaps from roles and responsibilities perspective.

- Arrange seats in BSST for Vendors also.

- Arrange seat for Business Owners for receiving Stakeholder perception for

BSST members.

- Continuously improve agenda and deliverables of BSST based on feed-

back received from members and key stakeholders, addition to changes

in MoO.

Page 100: Operational Level IT Governance Model - Theseus

Appendix 2

2 (6)

- Introduce community pages for improving BSST interactions between us-

er community, Vendors and other IT Units

- Introduce newly introduced SLA KPIs and commonly shared KPIs to

BSST members, baseline those with members and follow up development

in BSST regularly

Page 101: Operational Level IT Governance Model - Theseus

Appendix 2

3 (6)

Memo 2

Date 19 December 2012, 11:00-14:00 EET

Details Introduction to proposal; Operational Level IT Governance Model to Ensure

Value Co-creation

Chair Yilmaz Karayilan

Attendees -Head Of IT Partnering, Quality, Performance Assurance, CIO, MADO and

Infrastructure Units

-Researcher; IT for R&D, Product and Program Mgmnt Services Owner

Agenda -Introducing revised version of the business problem, research question and

objective.

-Analysing and discussing about current practices

-Introducing first proposed model

-Feedback

-Next Steps

Minutes -Thesis’s revised research problem and objective were reviewed, discussed

and verified.

- Conceptual Framework, where from operational level steering team ap-

proach, its role responsibilities, target, performance follow-up and planned

interactions in ecosystem were introduced and discussed

-First versions of proposed IT Governance model including roles and respon-

sibilities are introduced that is developed based on company practices and

collected data at Round 1.

-Need for the moving BSST into joint sphere for enabling value co creation

discussed.

-Mandate of the BSST and relation to other governance processes discussed

-Importance of the performance measuring and available mechanisms are

discussed.

-Importance of the interactions from community pages discussed.

Unit Heads support outcome proposal as valuable and applicable and re-

viewing it with other IT Unit MoO, Partnering and Performance Assurance

experts is requested.

Action Points -Researcher to arrange meeting with above attendees introduce second

version of the proposal

-Researcher to introduce first version of the proposal to other nominated

experts in ecosystem

Page 102: Operational Level IT Governance Model - Theseus

Appendix 2

4 (6)

Memo 3

Date 20 December 2012, 12:00-13:00 EET

Details Introduction to proposal; Operational Level IT Governance Model to Ensure

Value Co-creation

Chair Yilmaz Karayilan

Attendees - IT for R&D, Product and Program Mgmnt Services Business Owner

Agenda -Introduction to business problem, research question and objective

-Analysing and discussing about current practices

-Introducing first version of the proposed operational level IT governance

model

-Feedback

-Next Steps

Minutes -Master’s Thesis objective and business problem are introduced.

-First version of IT Governance model as a draft proposal was introduced

-Conceptual Framework, where from operational level steering team ap-

proach, its role responsibilities, target, performance follow-up and planned

interactions in ecosystem were introduced and discussed.

-Business Service Owner has noticed importance of the capability clusters

steering teams as tactical level governance at value co-creation process and

he wanted to ensure it is visible in this study.

Action Points -Researcher to improve proposed model based on feedback received.

Page 103: Operational Level IT Governance Model - Theseus

Appendix 2

5 (6)

Memo 4

Date 7 January 2013, 14:00-15:00 EET

Details Introduction to proposal; Operational Level IT Governance Model to Ensure

Value Co-creation

Chair Yilmaz Karayilan

Attendees - IT for R&D, Capacity Services Owner

Agenda -Introduction to business problem, research question and objective

-Analysing and discussing about current practices

-Introducing first version of the proposed operational level IT governance

model

-Feedback

-Next Steps

Minutes -Master’s Thesis objective and business problem are introduced.

-First version of IT Governance model as a draft proposal was introduced

-Conceptual Framework, where from operational level steering team ap-

proach, its role responsibilities, target, performance follow-up and planned

interactions in ecosystem were introduced and discussed.

-R&D Capacity Service owner wanted to point out need of clarifying level of

mandate for BSST to be efficient in new Mode Of Operation. He plans to

execute BSST in his area after 1 May 2013 when contract goes live. Till

then he would like to follow development of the model.

Action Points - Researcher to improve proposed model based on feedback received.

Page 104: Operational Level IT Governance Model - Theseus

Appendix 2

6 (6)

Memo 5

Date 11 January 2013, 14:00-15:00 EET

Details Introduction to proposal; Operational Level IT Governance Model to Ensure

Value Co-creation

Chair Yilmaz Karayilan

Attendees - IT Partnering Unit, Tools and Process Owner

Agenda -Introduction to business problem, research question and objective

-Analysing and discussing about current practices

-Introducing first version of the proposed operational level IT governance

model

-Feedback

-Next Steps

Minutes -Master’s Thesis objective and business problem are introduced.

-First version of IT Governance model as a draft proposal was introduced

-Conceptual Framework, where from operational level steering team ap-

proach, its role responsibilities, target, performance follow-up and planned

interactions in ecosystem were introduced and discussed.

-Tools and Process Owner would like to know how model will be tested and

how output of model will be verified, addition to what is the will be the

performance development follow up mechanisms in this study.

-He wanted to understand why some roles like IT Transformation manager

has seat in BSST and what value it will bring. Further discussions about this

topic carried out by reviewing company documentation about this role and

responsibilities. End result show that this role is needed in BSST to follow up

development of the IT transformation activities to align those with other

ongoing ones.

*Action Points - Researcher to improve proposed model based on feedback received..

Page 105: Operational Level IT Governance Model - Theseus

Appendix 3

1 (18)

Appendix 3

Discussions on Model Development (Round 3)

Interviews were conducted personally, in face-to-face meetings and virtual meetings

with the experts for reviewing second proposal of the model to wider audience in eco-

system. The following field notes were taken for capturing the discussions.

Summary of the results (Round 3)

New BSST Model (version 2 introduction and version 3 creation)

Round 2

Event s Discussion 6 – 13 (4 questioner)

Participants

- Head of IT Performance and Assurance Unit

- Head of IT Quality Unit - Head of IT CIO Unit

- Head of IT Partnering Unit - Vendor Wipro Account Manager for the case company

- Vendor ATOS Account Manager for the case company - Supplier IBM Account Manager for the case company

- IT Enterprise Release Manager - IT Stakeholder Manager

- Vendor Wipro Account Manager - IT Enterprise Architect

- Researcher; IT for R&D Unit, Product and Program Mgmnt Services Owner

Date 17 January – 20 February 2013

Recommendations

for improving the

second version of

the proposed model

- In BSST, common KPI Run Vs Build ratio need to be followed to see it is

increased to expected level 60 % vs 40% from current 75% to 25%. For

this purpose, there shall be specific agenda item to ensure that cost sav-

ings occurs and applied for financing innovations.

- There shall be agenda item to capture activities , resource exchange for

mutual success to follow up paradigm shift.

- There shall be agenda item to follow development of the stake holder

perception while securing vendors' wealth with investing innovations.

- While given seat to every stakeholder in BSST, it is also necessary to

share equal power to members to secure open and innovative discus-

sions.

- In case needed for time being, ensure suppliers’, who are supporting eco-

system indirectly, voice also heard in BSST.

- Purpose and objective of the BSST shall be crystal clear with agenda

items.

- Drawing line between other governance processes and BSST is needed to

prevent overlapping activities and securing necessary communication

flow.

Page 106: Operational Level IT Governance Model - Theseus

Appendix 3

2 (18)

- Enabling strategic alignment with other IT Units and Business within

BSST.

- Enabling transparency to performance development and powering inter-

actions via community pages needed.

Memo 6

Date 17 January 2013, 13:00-14:00 EET

Details Progress and Validation; Operational Level IT Governance Model to Ensure

Value Co-creation

Chair Yilmaz Karayilan

Attendees - Head of IT Performance and Assurance Unit

Agenda -Introducing second version of the proposed operational level IT governance

model

-Feedback

-Next Steps

Minutes -Conceptual Framework, where from operative level steering team approach,

its role responsibilities, target, performance follow-up and planned interac-

tions in ecosystem is re introduced.

-Improved version of IT Governance model is introduced.

-Unit Head would like to notice importance of highlighting real motives of

latest outsourcing and difference from others like cost saving never achieved

with outsourcing resources if innovations are not enabled/encouraged in the

same time with vendors. He highlighted that most of the IT cost already

comes from outsourced resources so more outsourcing won’t decrease IT

cost.

-He emphasized importance of investing in innovations triggered pro-

ject/programs equally than investigating IT service provisions will enable

continues improvement.

Action Points -Researcher to improve proposal’s target based on received feedback.

Page 107: Operational Level IT Governance Model - Theseus

Appendix 3

3 (18)

Memo 7

Date 18 January 2013, 15:00-16:00 EET

Details Progress and Validation; Operational Level IT Governance Model to Ensure

Value Co-creation

Chair Yilmaz Karayilan

Attendees -Head of IT Quality Unit

Agenda -Introducing second version of the proposed operational level IT governance

model

-Feedback

-Next Steps

Minutes -Conceptual Framework, where from operative level steering team approach,

its role responsibilities, target, performance follow-up and planned interac-

tions in ecosystem is re introduced.

-Improved version of IT Governance model is introduced.

-Unit Head would like to notice importance of highlighting paradigm shift

need from value in exchange to value co-creation in MoO with all ecosystem

actors and wishes that it is in this study’s scope and governance model

supports it fully. Researcher agrees with it fully and ensures that this gov-

ernance model enforce paradigm shift in ecosystem with adding additional

participant in list and extending deliverables.

Action Points -Researcher to highlight paradigm shift need from value in exchange to

value co-creation in MoO with revised proposal of this governance model.

Page 108: Operational Level IT Governance Model - Theseus

Appendix 3

4 (18)

Memo 8

Chair Yilmaz Karayilan

Attendees - Head of IT CIO Unit

Agenda -Introducing second version of the proposed operational level IT governance

model

-Feedback

-Next Steps

Minutes -Conceptual Framework, where from operative level steering team approach,

its role responsibilities, target, performance follow-up and planned interac-

tions in ecosystem is re introduced.

-Improved version of IT Governance model is introduced.

-Unit Head would like to notice importance of Stakeholder positive percep-

tion rather than focusing too much vendors’ wealth. He also would like to

move operative level steering teams into tactical level ones, where IT can

get embedded into business and wise verse.

-Discussions around which governance process is right place to create value

was discussed mostly and previously received feedbacks have been intro-

duced to support proposed model.

Action Points -Researcher to ensure in governance model highlighting importance of

stakeholder satisfaction.

Page 109: Operational Level IT Governance Model - Theseus

Appendix 3

5 (18)

Memo 9

Date 24 January 2013, 13:30-14:30 EET

Details Progress and Validation; Operative Level IT Governance Model to Ensure

Value Co-creation

Chair Yilmaz Karayilan

Attendees - Head of IT Partnering Unit

Agenda -Introducing second version of the proposed operational level IT governance

model

-Feedback

-Next Steps

Minutes -Conceptual Framework, where from operative level steering team approach,

its role responsibilities, target, performance follow-up and planned interac-

tions in ecosystem is introduced.

-Improved version of IT Governance model is introduced.

-Unit Head supports outcome proposal fully and would like to introduce

those to other Business Services soon. However, it was agreed that after

actual execution and improving model based on feedback received after that

is important step before it can be introduced to others.

Action Points -Researcher to introduce model to other BS right after validity check.

Page 110: Operational Level IT Governance Model - Theseus

Appendix 3

6 (18)

Memo 10

Date January 2013, 11:30-12:30 EET

Details Progress and Validation; Operative Level IT Governance Model to Ensure

Value Co-creation

Chair Yilmaz Karayilan

Attendees -Vendor Wipro Account Manager for the case company

Agenda -Introduction to business problem, research question and objective

-Analysing and discussing about current practices

-Introducing second version of the proposed operational level IT governance

model

-Feedback

-Next Steps

Minutes -Master’s Thesis objective is introduced.

-Conceptual Framework, where from operative level steering team approach,

its role responsibilities, target, performance follow-up and planned interac-

tions in ecosystem is introduced.

-Improved version of IT Governance model is introduced.

-Vendor account manager showed very much interest in this study especially

revised outcome proposal. However, he would like to notice importance of

vendors role at value facilitations and creation and having mandate for this

operative level governance model to secure vendors’ benefit and wealth

also. Otherwise, model is fully supported and vendor will sent own represen-

tatives to support and take sit in governance model.

Action Points -Researcher to highlight importance of vendors’ wellbeing and being true

partner in new ecosystem.

Page 111: Operational Level IT Governance Model - Theseus

Appendix 3

7 (18)

Memo 11

Date 28 January 2013, 14:30-15:30 EET

Details Progress and Validation; Operative Level IT Governance Model to Ensure

Value Co-creation

Chair Yilmaz Karayilan

Attendees - Vendor ATOS Account Manager for the case company

Agenda -Introduction to business problem, research question and objective

-Analysing and discussing about current practices

-Introducing second version of the proposed operational level IT governance

model

-Feedback

-Next Steps

Minutes -Master’s Thesis objective is introduced.

-Conceptual Framework, where from operative level steering team approach,

its role responsibilities, target, performance follow-up and planned interac-

tions in ecosystem is introduced.

-Improved version of IT Governance model is introduced.

-Vendor account manager would like to also notice importance of vendors

role at value facilitations and creation and having mandate for this operative

level governance model to secure vendors’ benefit and wealth also, addi-

tionally to have word on activities. He would like to have an independent

steering team that follows development for each BSST while BSST teams are

only taking care of own are.

Action Points -Researcher to highlight importance of vendors’ wellbeing and being true

partner in new ecosystem, importance of having vote on decisions. There

need to be independent follow up steering process to follow up over all

development in IT and it shall be added in scope.

Page 112: Operational Level IT Governance Model - Theseus

Appendix 3

8 (18)

Memo 12

Date 29 January 2013, 14:30-15:30 EET

Details Progress and Validation; Operative Level IT Governance Model to Ensure

Value Co-creation

Chair Yilmaz Karayilan

Attendees - Supplier IBM Account Manager for the case company

Agenda -Introduction to business problem, research question and objective

-Analysing and discussing about current practices

-Introducing second version of the proposed operational level IT governance

model

-Feedback

-Next Steps

Minutes -Master’s Thesis objective is introduced.

-Conceptual Framework, where from operative level steering team approach,

its role responsibilities, target, performance follow-up and planned interac-

tions in ecosystem is introduced.

-Improved version of IT Governance model is introduced.

-Vendor account manager also noticed importance of other suppliers’ role at

value facilitations and creation and having visibility to outcomes of this op-

erative level governance model. Even suppliers are now on indirectly linked

to eco system, they are also one the most important player to secure health

of it. Otherwise, model is fully supported and supplier is ready to support it

in way expected.

Action Points -Researcher to highlight importance of also suppliers’ wellbeing in new eco-

system and importance of having word at decisions as much as possible.

Page 113: Operational Level IT Governance Model - Theseus

Appendix 3

9 (18)

Memo 13

Date 18-20 January 2013

Interviewer Yilmaz Karayilan

Agenda - Business problem and research objective introduction - Proposed model introduction with agenda, objective, participants

and deliverables

- Introducing common KPIs that are to be followed in BSST addi-tion to traditional KPIs

- Execution of the interviews with questioner

Details NSN recently announced its new vision as

� Being the leader in Mobile Broadband telecommunications infrastructure sys-

tems as service provider

� To become a true standalone company with the financial strength.

� As a part of corporate restructuring efforts NSN IT organisation introduced a

new strategy called -IT as business partner as Lean IT

Aim is to develop a healthy, efficient ecosystem with newly selected vendors to..

� Re-position IT as a true business partner

� Improve collaboration with vendors

� Enable paradigm shift from value exchange to value co-creation in ecosystem

� Generate significant savings

� Re-new the enterprise architecture without disrupting NSN business continuity

� Create more agile IT services provision

The above described strategy means that:

� 60-70% of the current IT headcount is outsourced to external service vendors.

� Up to 20 current service providers will be replaced with a few selected ones.

� Lean IT will focus on...

o Establishing intensive partnerships based on a service dominant logic,

where selected service providers support NSN user community and mutu-ally co-create value in a newly introduced eco system.

o Strategy and Innovation

o Stakeholder management towards businesses

o Enhancing portfolio, release and architecture management

o Improving performance management of business services, projects, proc-

esses

Business Service Steering Team to ensure, secure value co-creation based on newly

introduced commercial model.

Page 114: Operational Level IT Governance Model - Theseus

Appendix 3

10 (18)

Common KPIs that are securing value co-creation in outsourcing contract.

BSST Meeting Agenda;

-Opening and business regards (Stakeholder Perception) ->Business Owners

-Key stakeholder moment ->Business Representatives (Visitor)

-Action points follow-up ->All

-Community site review ->All

-Ideas, demands, initiatives review and Go / Not Go decision making->All

-On air issues->All

-Service Level Management KPIs review and approval->Vendor

-Run financial development review and approvals->IT Service Owner

-Stakeholder management regards (User Perception) and Build financial development review

and approvals-> IT Stakeholder Manager

-Projects’ status review and necessary approvals->Business Analysts

-Overall roadmap and portfolio review and alignment ->Enterprise Release Manager

-Transformation initiatives review -> IT Transformation Manager

-Enterprise architecture alignment -> IT Enterprise Architect

-Prime vendor regards and Service Integrator approvals->Vendors

-Transition status review-> IT Transition Manager

-AOB..

Page 115: Operational Level IT Governance Model - Theseus

Appendix 3

11 (18)

Questionnaire 1

Date of the interview 18 February, 2013

Interviewer Yilmaz Karayilan

Informant (code) IT Enterprise Release Manager

Position in the case company Enterprise Release Manager for IT for R&D, Product Management

Services

Duration of the interview 30 minutes

Document Field notes

Topic(s) of the interview

QUESTIONS

FIELD NOTES

1 Starting point:

describe experi-ences in view of the topic/problem

Please give samples to clarify what is your role

and main tasks over all and in Business Service

Steering Team.

Are you familiar with

commercial model, true partnership vision that are

introduced by IT with newly signed outsourcing

/partnering contract ?

I am Enterprise Release Manager and looking after roadmap and project and Service portfo-

lio for IT for R&D Unit.

Yes, I am familiar with it and aware of its targets. I have received contract training.

2 Identify strengths/problems

Does BSST seem to be correct forum for intro-ducing new ideas, produc-

ing innovative initiatives for securing and ensuring

value co-creation?

Right participants invited?

Is Agenda proper enough

to respond to expecta-tions?

Was the first meeting

responding to your expec-tations?

If you feel it was not suc-

cessful, not clear enough yet what are/were the

reasons?

Yes, this operational level steering team is correct for identifying, capturing and introduc-ing those to upper tactical and strategic levels

for final approval or rejection if significant investment needed.

Because this is a new setup and new MoO, the attendance list needs to be extended with

new names from vendors.

We couldn’t discuss innovations yet because

portfolios need to be clarified and identified. Otherwise agenda items are ok for now.

They were right discussions about what can be done and what can be agreed at this level.

From that perspective, it is a useful team and meeting. Otherwise it also met my expecta-

tions

That was the first meeting and scope was not

clear to the whole because MoO is new and people are not aware of its content much yet.

Time being to be improved by leaving.

3 Key concerns

What are your key con-

cerns from BSST, partner-ship vision, commercial

model, value co-creation perspective

Firstly, BSST authority, roles and responsibili-

ties are not clear enough to enable value co-creation yet because of changes in organisa-

tions are still ongoing and vendors are not on the board fully yet.

Page 116: Operational Level IT Governance Model - Theseus

Appendix 3

12 (18)

Secondly, to achieve innovation creation, more discussions needed from different per-

spectives from different roles. There should not be high barriers to introduce ideas and

attendances need to be encouraged. Place for throwing ideas is needed. Improvising is al-

lowed fully.

Page 117: Operational Level IT Governance Model - Theseus

Appendix 3

13 (18)

Questionnaire 2

Date of the interview 19 February, 2013

Interviewer Yilmaz Karayilan

Name (code) of the informant IT Stakeholder Manager

Position in the case company Stakeholder Manager IT for R&D, Product Management Services

Duration of the interview 30 minutes

Document Field notes

Topic(s) of the interview

QUESTIONS

FIELD NOTES

1 Starting point:

describe experi-ences in view of the topic

problem

Please give samples to clarify what is your role and main tasks over all

and in Business Service Steering Team.

Are you familiar with commercial model, true

partnership vision that are introduced by IT with

newly signed outsourcing /partnering contract ?

I am Stakeholder Manager and accountable for successful business partnership between IT and business functions.

Yes, I am familiar with it and aware of its targets in some level. Partnership has been

highlighted all the time with supporting slogan

“we are in the same boat”, which refers strong commitments within contract.

2 Identify strengths/problems

Does BSST seem to be correct forum for intro-

ducing new ideas, produc-ing innovative initiatives

for securing and ensuring value co-creation?

Right participants invited?

Is Agenda proper enough

to respond to expecta-

tions?

Was the first meeting

responding to your expec-

tations?

If you feel it was not suc-

cessful, not clear enough yet what are/were the

reasons?

BSST at operational level shall be capable understand needs more than at strategic or

tactical level.

Vendor representatives need to be clarified

and their role in BSST from approvals per-

spective. Since new MoO is in still develop-ment, participant list may change still.

There are many topics, issues are ongoing

such as on flight projects while IT knowledge

transition which are causing too many discus-sions. We might not have enough time to

touch to innovations properly yet but still some of them discussed as knowledge shar-

ing.

It met the expectations at some level, even

agenda and participants where new to me. It shall be developed further based on feedback

gathered from participants after meeting.

Since this is the first meeting, I can‘t rate success level but surely it gave some picture

to me about what others do.

3 Key concerns

What are your key con-cerns from BSST, partner-

ship vision, commercial

We need to secure quality of service first and then push for innovations. This new setup

makes things complicated at the very begin-

Page 118: Operational Level IT Governance Model - Theseus

Appendix 3

14 (18)

model, value co-creation perspective

ning. I don’t have yet visibility to negative site effect of the common KPIs.

4 Analysis In which areas e.g. gov-erning through BSST eco

system do you think there is/will be space for im-

provement?

In what way? Any idea

how could that be done?

Interactions with in company and external world. Business service is new approach and

contains many IT services that need be man-aged by us. We shall well align and inform our

activities with business and community sites are good mechanisms for that rather than

emails.

5 Best practice Do you think we have some guidelines of how to

do enable, follow-up value co-creation?

What best practice do you think we should / should

follow as for?

What would be the key success factors?

There is no clear message, guidance or way of working to enable it. We shall manage it

our self at the beginning with our common sense and professionalism that applied in

BSST.

Key success factor is relies on ensuring roles

and responsibilities are right and enough level mandate is given for immediate actions, deci-

sions.

Page 119: Operational Level IT Governance Model - Theseus

Appendix 3

15 (18)

Questionnaire 3

Date of the interview 19 February, 2013

Interviewer Yilmaz Karayilan

Name (code) of the informant Vendor Wipro Account Manager

Position in the case company Account Manager / Program Manager, Vendor

Duration of the interview 30 minutes

Document Field notes

Topic(s) of the interview

QUESTIONS

FIELD NOTES

1 Starting point:

describe experi-ences in view of the topic

problem

Please give samples to clarify what is your role and main tasks over all

and in Business Service Steering Team.

Are you familiar with commercial model, true

partnership vision that are introduced by IT with

newly signed outsourcing /partnering contract?

I am Program Manager, representing Vendor to ensure project portfolio alignment and QoS in service delivery, provision.

I am familiar with it because of the vendor

internal trainings. There is need for deeper look to understand more SLA KPIs and espe-

cially common KPIs and how to follow those in practices and in which forum.

2 Identify strengths/problems

Does BSST seem to be correct forum for intro-

ducing new ideas, produc-ing innovative initiatives

for securing and ensuring value co-creation?

Right participants invited?

Is Agenda proper enough to respond to expecta-

tions?

Was the first meeting responding to your expec-

tations?

If you feel it was not suc-

cessful, not clear enough yet what are/were the

reasons?

It is good for starting, I need to have more visibility to agenda and things to be discussed

to get right people on board. Additionally what is expectation from vendor, how to

cooperate for value creation needs exercising.

Dynamic agenda is needed to respond chang-ing demands..

At least most important participants, who can make decisions of forward for approval is

invited.

Yes it is. Almost all necessary topics that we

would like to have visibility is covered in part-nership mode without hiding and that helps

us to plan better

Yes it was, if we think this is the only BSST arranged in the company to take care of eco-

system.

3 Key concerns

What are your key con-

cerns from BSST, partner-

Page 120: Operational Level IT Governance Model - Theseus

Appendix 3

16 (18)

ship vision, commercial model, value co-creation

perspective

Whether this meeting is right place for value

proposal for each areas..It might be so that we won’t be capable to cover all IT service

and projects to ensure principles applied for whole.

4 Analysis In which areas e.g. gov-erning through BSST eco system do you think there

is/will be space for im-provement?

In what way? Any idea how could that be done?

There need to be mechanism to ensure per-formance development and aligning achieve-ments with contract to ensure monetary value

is gathered for us at over all IT level also. Capturing it in BSST might not be enough for

whole cases.

5 Best practice Do you think we have some guidelines of how to

do enable, follow-up value co-creation?

What best practice do you

think we should / should

follow as for?

What would be the key success factors?

Contract show direction what need to be done from this outsourcing case perspective for

whole. However is it enough well, we need to see after 1st of May, when we start to leave

with it.

Key success depends on clearly defined roles

and responsibilities and having mandate to execute initiatives with BSST decisions.

Page 121: Operational Level IT Governance Model - Theseus

Appendix 3

17 (18)

Questionnaire 4

Date of the interview 20 February, 2013

Interviewer Yilmaz Karayilan

Name (code) of the informant IT Enterprise Architect

Position in the case company IT Enterprise Architect for IT for R&D Unit

Duration of the interview 30 minutes

Document Field notes

Topic(s) of the interview

QUESTIONS

FIELD NOTES

1 Starting point:

describe experi-ences in view of the topic

problem

Please give samples to clarify what is your role and main tasks over all

and in Business Service Steering Team.

Are you familiar with commercial model, true

partnership vision that are introduced by IT with

newly signed outsourcing /partnering contract?

I am Enterprise Architect and I am account-able for architectural alignment in overall IT.

Yes, I am full visibility it because I was nego-tiation it and I added, created content with

team all the way.

2 Identify strengths/problems

Does BSST seem to be correct forum for intro-

ducing new ideas, produc-ing innovative initiatives

for securing and ensuring value co-creation?

Right participants invited?

Is Agenda proper enough

to respond to expecta-

tions?

Was the first meeting

responding to your expec-

tations?

If you feel it was not suc-

cessful, not clear enough yet what are/were the

reasons?

Operational level steering teams are mostly likely is correct place to capture need and

align with strategy. That is why, I support BSST as correct forum

Based on lately introduced roles, I can say

right roles are invited to BSST, who shall have understanding and aim if it.

Discussion level about what can be done and

what can be agreed came up with agenda. IT

means expected deliverables are covered. Anyhow further development is needed.

First meetings are always having challenges for explaining purpose. Such as scope was not

clear to me fully but I catch up at the middle of the meeting so that has responded at some

level my expectations.

3 Key concerns

What are your key con-cerns from BSST, partner-

ship vision, commercial

Authority is not clear yet between Strategic, Tactical and Operative level governances.

Where is the red line, which can decide or

Page 122: Operational Level IT Governance Model - Theseus

Appendix 3

18 (18)

model, value co-creation perspective

approves initiatives’ implementations is the yet question to be answered.

4 Analysis In which areas e.g. gov-erning through BSST eco

system do you think there is/will be space for im-

provement?

In what way? Any idea

how could that be done?

Sharing clearly decision making bodies and level need to be cleared in each level. By time

being building blocks will be strengthen.

5 Best practice Do you think we have some guidelines of how to

do enable, follow-up value co-creation?

What best practice do you think we should / should

follow as for?

What would be the key success factors?

Through this BSST, I got first time guidance and message where it can be truly enabled.

So I would like to introduce this BSST as best practices in the company and ensure it is

applied in whole IT.